WO2021237753A1 - 通信方法及装置 - Google Patents

通信方法及装置 Download PDF

Info

Publication number
WO2021237753A1
WO2021237753A1 PCT/CN2020/093542 CN2020093542W WO2021237753A1 WO 2021237753 A1 WO2021237753 A1 WO 2021237753A1 CN 2020093542 W CN2020093542 W CN 2020093542W WO 2021237753 A1 WO2021237753 A1 WO 2021237753A1
Authority
WO
WIPO (PCT)
Prior art keywords
algorithm
information
node
kdf
mac
Prior art date
Application number
PCT/CN2020/093542
Other languages
English (en)
French (fr)
Inventor
王勇
陈璟
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN202310734715.9A priority Critical patent/CN116801242A/zh
Priority to CA3185313A priority patent/CA3185313A1/en
Priority to EP20937988.2A priority patent/EP4145787A4/en
Priority to MX2022015024A priority patent/MX2022015024A/es
Priority to JP2022573160A priority patent/JP7521011B2/ja
Priority to PCT/CN2020/093542 priority patent/WO2021237753A1/zh
Priority to CN202080015320.8A priority patent/CN113455032B/zh
Publication of WO2021237753A1 publication Critical patent/WO2021237753A1/zh
Priority to US17/994,516 priority patent/US20230091113A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • H04W12/106Packet or message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/37Managing security policies for mobile devices or for controlling mobile applications

Definitions

  • the embodiments of the present application relate to the field of wireless communication, and in particular to a communication method and device.
  • the method and device can be applied to the field of short-distance communication, such as the cockpit domain, and are suitable for scenarios such as automatic driving or intelligent driving.
  • the sender will use an algorithm to encrypt the data and send the encrypted data to the receiver. After the receiver receives the encrypted data, it will use the algorithm to encrypt the data. Decrypt the data to get the data. In order for the receiver to correctly decrypt the data sent by the sender, the receiver needs to use the same algorithm as the sender to decrypt the encrypted data to ensure normal communication.
  • the embodiments of the present application provide a communication method and device, which can enable the sender and the receiver to accurately and efficiently perform encryption or decryption related processing on communication information.
  • an embodiment of the present application provides a communication method, which is applied to a first node, and the method includes: receiving first algorithm negotiation request information from a second node, where the first algorithm negotiation request information is used to indicate a Or multiple algorithms and one or more key derivation functions (KDF); determine at least one first algorithm among the one or more algorithms and at least one first KDF among the one or more KDFs; Send first information to the second node, where the first information is used to indicate the at least one first algorithm and the at least one first KDF.
  • KDF key derivation functions
  • the method provided by the above first aspect can receive first algorithm negotiation request information indicating one or more algorithms and one or more KDFs from the second node, and determine at least one first algorithm negotiation request information according to the first algorithm negotiation request information. Algorithm and at least one first KDF, and send first information indicating at least one first algorithm and the at least one first KDF to the second node. In this way, the first node can negotiate the algorithm and KDF with the second node, thereby Realize that the first node and the second node can accurately and efficiently perform encryption or decryption related processing on communication information.
  • the first node can encrypt the information through the negotiated algorithm and KDF, and send the encrypted information to the second node, and the second node receives the encrypted information Later, the encrypted information can be decrypted according to the negotiated algorithm and KDF, thereby improving the security of communication between the first node and the second node.
  • the one or more algorithms include an encryption algorithm, and/or an integrity protection algorithm, and/or an authentication encryption algorithm.
  • the first node and the second node can use multiple algorithms such as encryption algorithm, integrity protection algorithm, or authentication encryption algorithm to communicate, which improves the algorithm used in communication between the first node and the second node. Diversity.
  • the first information is integrity protected by the at least one first algorithm.
  • the first node can perform integrity protection on the first information through at least one first algorithm, thereby improving the security of communication between the first node and the second node.
  • the first information includes second information and a first message authentication code (message authentication code, MAC), where: the The second information is used to indicate the at least one first algorithm and the at least one first KDF, and the first MAC is obtained by performing integrity protection on the second information.
  • the first node can send the second information and the first MAC to the second node, and protect the integrity of the second information through the first MAC, thereby improving the security of the communication between the first node and the second node sex.
  • the at least one first algorithm includes an integrity protection algorithm, and the first MAC is for the second information through The integrity protection algorithm is obtained by performing integrity protection; or, the at least one first algorithm includes an authentication encryption algorithm, and the first MAC is obtained by performing integrity protection on the second information through the authentication encryption algorithm.
  • the first node can protect the integrity of the second information through multiple algorithms, which improves the flexibility and diversity of the first node's integrity protection of the information between the first node and the second node.
  • the second information further includes the first freshness parameter and the first verification information
  • the first freshness parameter is the same as Parameters related to the timeliness of the first information
  • the first verification information is obtained according to the first algorithm negotiation request information, a preset shared key, the first freshness parameter, and the first KDF.
  • the first node can also perform integrity protection on the first algorithm negotiation request information through the first verification information, so as to improve the security of communication between the first node and the second node.
  • the first information includes encrypted information, second communication information, and second MAC.
  • a piece of communication information is obtained after encryption processing, the first piece of communication information does not indicate at least one of the at least one first algorithm or the at least one first KDF, and the second piece of communication information is used to indicate the at least one first algorithm or the at least one first KDF At least one of the at least one first KDF; the second MAC is obtained by performing integrity protection on the encrypted information and the second communication information.
  • the first node can encrypt the first communication information to obtain the encrypted information, and use the second MAC to perform integrity protection on the encrypted information and the second communication information, thereby improving the communication between the first node and the second node. Security.
  • the at least one first algorithm includes an encryption algorithm and an integrity protection algorithm; the encryption information is the first communication information It is obtained after encryption processing is performed by the encryption algorithm; the second MAC is obtained by performing integrity protection on the encrypted information and the second communication information by the integrity protection algorithm.
  • the first node can also encrypt the first communication information through an encryption algorithm, and perform integrity protection on the encrypted information and the second communication information through the integrity protection algorithm, thereby improving the relationship between the first node and the second node. Security of communication.
  • the at least one first algorithm includes an authentication encryption algorithm; the encrypted information is the first communication information through the authentication encryption The algorithm is obtained after encryption processing; the second MAC is obtained by performing integrity protection on the encrypted information and the second communication information through the authentication encryption algorithm.
  • the first node can also encrypt the first communication information through the authenticated encryption algorithm, and protect the integrity of the encrypted information and the second communication information through the authenticated encryption algorithm, thereby improving the relationship between the first node and the second node. Security of communication.
  • the at least one first algorithm is the one or more algorithms, and the first node supports the one with the highest priority Algorithm;
  • the at least one first KDF is the one or more KDFs, the KDF with the highest priority supported by the first node.
  • the at least one first algorithm corresponds to one or more algorithm types; the algorithm type corresponding to the at least one first algorithm is Among the algorithm types of the one or more algorithms, the algorithm type with the highest priority supported by the first node.
  • the first node can determine the algorithm type with the highest priority among the algorithm types supported by both the first node and the second node, so that the first node determines the at least one first algorithm corresponding to the algorithm type with the highest priority.
  • the at least one first algorithm corresponds to an algorithm type
  • the algorithm type may correspond to multiple algorithms with different priorities.
  • An algorithm is the algorithm with the highest priority supported by the first node among the algorithms corresponding to the algorithm type.
  • the first node may determine the algorithm with the highest priority supported by the first node among the algorithm types corresponding to the first algorithm as the first algorithm.
  • the algorithm type corresponds to only one algorithm
  • the first node can use a higher priority algorithm to communicate with the second node.
  • the priority of the algorithm is related to the security of the algorithm. Therefore, the first node and the second node communicate with the algorithm with a higher priority, which can improve the security of the communication between the first node and the second node.
  • At least one first algorithm corresponds to multiple algorithm types, and the multiple algorithm types have the same priority.
  • Each algorithm type can correspond to one or more algorithms with different priorities, and the at least one first algorithm includes the algorithm with the highest priority supported by the first node among the algorithms corresponding to each of the above multiple algorithm types, or If a certain algorithm type corresponds to only one algorithm, the at least one first algorithm includes the one algorithm corresponding to the algorithm type.
  • the first node may determine the algorithm with the highest priority supported by the first node in each algorithm type as the first algorithm.
  • the first node can use a higher priority algorithm to communicate with the second node.
  • the priority of the algorithm is related to the security of the algorithm. Therefore, the first node and the second node communicate with the algorithm with a higher priority, which can improve the security of the communication between the first node and the second node.
  • the first algorithm negotiation request information further includes a second freshness parameter
  • the second freshness parameter is the same as the first algorithm negotiation request information.
  • An algorithm negotiates parameters related to the timeliness of request information, and the method further includes: receiving second verification information from the second node; wherein the second verification information is based on the first information, the preset shared key, and the The second freshness parameter and the first KDF are obtained; the second verification information is verified according to the first information, the shared key, the second freshness parameter, and the first KDF.
  • the first node can verify whether the first information received by the second node is modified according to the first information, the shared key, the second freshness parameter, and the first KDF, so as to improve the relationship between the first node and the second node. Security of inter-communication.
  • the method further includes: receiving second algorithm negotiation request information from the second node, the second algorithm negotiation request The information is used to indicate one or more algorithms and one or more KDFs; third information is sent to the second node, and the third information is used to indicate that the one or more indicated by the second algorithm negotiation request information is not supported or not applicable. Multiple algorithms and the one or more KDFs.
  • the first node can receive the second algorithm negotiation request information indicating one or more algorithms and one or more KDFs from the second node, and send to the second node indicating that it is not supported or not applicable
  • the third information of the one or more algorithms and the one or more KDF indicated by the second algorithm negotiation request information so that the first node and the second node can negotiate the algorithm and the KDF through multiple communications to improve the performance
  • the first node and the second node negotiate the algorithm and the success rate of the KDF.
  • one or more algorithms indicated by the second algorithm negotiation request information are different from those indicated by the first algorithm negotiation request information One or more algorithms; the one or more KDFs indicated by the second algorithm negotiation request information are different from the one or more KDFs indicated by the first algorithm negotiation request information.
  • the first node can obtain one or more algorithms and one or more KDFs indicated by the second node multiple times, so that the first node can determine which algorithm to use according to the obtained one or more algorithms and one or more KDFs.
  • the algorithm and KDF for communicating with the second node improve the success rate of the negotiation algorithm and KDF between the first node and the second node.
  • an embodiment of the present application provides a communication method, which is applied to a second node, and the method includes: sending first algorithm negotiation request information to the first node, where the first algorithm negotiation request information is used to indicate one or Multiple algorithms and one or more KDFs; receiving first information from the first node, where the first information is used to indicate at least one of the one or more algorithms and the one or more KDFs At least one of the first KDF.
  • the method provided by the above second aspect can send first algorithm negotiation request information for indicating one or more algorithms and one or more KDFs to the first node, and receive from the first node the first algorithm negotiation request information for indicating one or more KDFs. At least one first algorithm in the algorithm, and the first information of at least one first KDF in the one or more KDFs, so that the first node can negotiate the algorithm and KDF with the second node, and use the negotiated algorithm and KDF communicates, so that the first node and the second node can accurately and efficiently perform encryption or decryption related processing on the communication information.
  • the one or more algorithms include an encryption algorithm, and/or an integrity protection algorithm, and/or an authentication encryption algorithm.
  • the first node and the second node can use multiple algorithms such as encryption algorithm, integrity protection algorithm, or authentication encryption algorithm to communicate, which improves the algorithm used in communication between the first node and the second node. Diversity.
  • the first information is integrity protected by the at least one first algorithm.
  • the second node can verify the integrity of the first information through at least one first algorithm, thereby improving the security of communication between the first node and the second node.
  • the first information includes second information and a first message verification code MAC, where: the second information is used to indicate The at least one first algorithm and the at least one first KDF, and the first MAC is obtained by performing integrity protection on the second information.
  • the second node can receive the second information and the first MAC from the first node, where the second information is integrity protected by the first MAC, which can improve the communication between the first node and the second node. Security.
  • the at least one first algorithm includes an integrity protection algorithm, and the first MAC is used for the second information through the Obtained by integrity protection by an integrity protection algorithm; the method further includes: obtaining a third MAC according to the integrity protection algorithm and the second information, and the third MAC is used to verify the integrity of the second information; or,
  • the at least one first algorithm includes an authentication encryption algorithm, and the first MAC is obtained by performing integrity protection on the second information through the authentication encryption algorithm; the method further includes: according to the authentication encryption algorithm and the second information, Obtain a third MAC, which is used to verify the integrity of the second information.
  • the second node can verify the integrity of the second information according to multiple algorithms, which improves the flexibility and diversity of the second node when the second node verifies the integrity of the information.
  • the second information further includes the first freshness parameter and the first verification information
  • the first freshness parameter is related to Parameters related to the timeliness of the first information
  • the first verification information is obtained according to the first algorithm negotiation request information, a preset shared key, the first freshness parameter, and the first KDF.
  • the second node can also verify the integrity of the first algorithm negotiation request information through the first verification information, thereby improving the security of communication between the first node and the second node.
  • the first information includes encrypted information, second communication information, and a second MAC, where: the encrypted information is for the first A piece of communication information is obtained after encryption processing, the first piece of communication information does not indicate at least one of the at least one first algorithm or the at least one first KDF, and the second piece of communication information is used to indicate the at least one first algorithm or the at least one first KDF At least one of the at least one first KDF; the second MAC is obtained by performing integrity protection on the encrypted information and the second communication information.
  • the second node can receive the encrypted information, the second communication information, and the second MAC from the first node, so that the second node can verify the integrity of the encrypted information and the second communication information through the second MAC, thereby improving the first node.
  • the at least one first algorithm includes an encryption algorithm and an integrity protection algorithm;
  • the encryption information is the first communication information Obtained by performing encryption processing through the encryption algorithm;
  • the second MAC is obtained by performing integrity protection on the encrypted information and the second communication information through the integrity protection algorithm;
  • the method further includes: according to the integrity protection algorithm , The encrypted information and the second communication information obtain a fourth MAC; if the fourth MAC is the same as the second MAC, the encrypted information is decrypted by the encryption algorithm.
  • the second node can also obtain a fourth MAC according to the integrity protection algorithm, the encryption information, and the second communication information, and verify the integrity of the encryption information and the second communication information through the fourth MAC, thereby improving the first The security of communication between a node and a second node.
  • the at least one first algorithm includes an authentication encryption algorithm; the encrypted information is the first communication information through the authentication encryption The algorithm is obtained after encryption processing; the second MAC is obtained by performing integrity protection on the encrypted information and the second communication information through the authenticated encryption algorithm; the method further includes: according to the authenticated encryption algorithm, the encrypted information, and The second communication information obtains a fourth MAC; if the fourth MAC is the same as the second MAC, the encrypted information is decrypted by the authentication encryption algorithm.
  • the second node can also obtain a fourth MAC according to the authentication encryption algorithm, the encryption information, and the second communication information, and verify the integrity of the encryption information and the second communication information through the fourth MAC, thereby improving the first The security of the communication between the node and the second node.
  • the at least one first algorithm is the one or more algorithms, and the first node supports the one with the highest priority Algorithm;
  • the at least one first KDF is the one or more KDFs, the KDF with the highest priority supported by the first node.
  • the second node adopts one or more algorithms, the first node The algorithm with the highest priority supported, and among one or more KDFs, the KDF with the highest priority supported by the first node communicates with the first node, which can improve the security of the communication between the first node and the second node.
  • the at least one first algorithm corresponds to one or more algorithm types; the algorithm type corresponding to the at least one first algorithm is Among the algorithm types of the one or more algorithms, the algorithm type with the highest priority supported by the first node.
  • the first node can determine the algorithm type with the highest priority among the algorithm types supported by both the first node and the second node, so that the first node can determine the at least one first algorithm corresponding to the algorithm type with the highest priority.
  • the at least one first algorithm corresponds to an algorithm type
  • the algorithm type may correspond to multiple algorithms with different priorities.
  • An algorithm is the algorithm with the highest priority supported by the first node among the algorithms corresponding to the algorithm type.
  • the first node may determine the algorithm with the highest priority supported by the first node among the algorithm types corresponding to the first algorithm as the first algorithm.
  • the algorithm type corresponds to only one algorithm
  • the first node can use a higher priority algorithm to communicate with the second node.
  • the priority of the algorithm is related to the security of the algorithm. Therefore, the first node and the second node communicate with the algorithm with a higher priority, which can improve the security of the communication between the first node and the second node.
  • At least one first algorithm corresponds to multiple algorithm types, and the multiple algorithm types have the same priority.
  • Each algorithm type can correspond to multiple algorithms with different priorities, and the at least one first algorithm includes the algorithm with the highest priority supported by the first node among the algorithms corresponding to each algorithm type of the above multiple algorithm types, or a certain
  • the algorithm type corresponds to only one algorithm, and the at least one first algorithm includes the one algorithm corresponding to the algorithm type.
  • the first node may determine the algorithm with the highest priority supported by the first node in each algorithm type as the first algorithm.
  • the first node can use a higher priority algorithm to communicate with the second node.
  • the priority of the algorithm is related to the security of the algorithm. Therefore, the first node and the second node communicate with the algorithm with a higher priority, which can improve the security of the communication between the first node and the second node.
  • the first algorithm negotiation request information further includes a second freshness parameter
  • the second freshness parameter is the same as the first freshness parameter.
  • the algorithm negotiates parameters related to the timeliness of the request information, and the method further includes: sending second verification information to the first node; wherein the second verification information is based on the first information, the preset shared key, and the first node. Two freshness parameters and the first KDF obtained. Based on the above method, the second node can protect the integrity of the first information through the second verification information.
  • the method further includes: sending second algorithm negotiation request information to the first node, and the second algorithm negotiation request information Used to indicate one or more algorithms and one or more KDFs; to receive the third information from the first node, the third information is used to indicate that the one or the one indicated by the second algorithm negotiation request information is not supported or not applicable Multiple algorithms and the one or more KDFs.
  • the second node can send the second algorithm negotiation request information for indicating one or more algorithms and one or more KDF to the first node, and receive from the first node for indicating that it is not supported or not applicable
  • the third information of the one or more algorithms and the one or more KDF indicated by the second algorithm negotiation request information so that the first node and the second node can negotiate the algorithm and the KDF through multiple communications to improve the performance
  • the first node and the second node negotiate the algorithm and the success rate of the KDF.
  • one or more algorithms indicated by the second algorithm negotiation request information are different from those indicated by the first algorithm negotiation request information One or more algorithms; the one or more KDFs indicated by the second algorithm negotiation request information are different from the one or more KDFs indicated by the first algorithm negotiation request information.
  • the second node can indicate one or more algorithms and one or more KDFs to the first node multiple times, so that the first node can determine what to use according to the received one or more algorithms and one or more KDFs.
  • the algorithm and KDF for communicating with the second node improve the success rate of the negotiation algorithm and KDF between the first node and the second node.
  • an embodiment of the present application provides a communication device that can implement the foregoing first aspect or any one of the possible implementation methods of the first aspect.
  • the device includes corresponding units or components for performing the above-mentioned methods.
  • the units included in the device can be implemented in software and/or hardware.
  • the device may be, for example, a first node, or a chip, a chip system, or a processor that can support the first node to implement the foregoing method.
  • an embodiment of the present application provides a communication device that can implement the foregoing second aspect or any one of the possible implementation methods of the second aspect.
  • the device includes corresponding units or components for performing the above-mentioned methods.
  • the units included in the device can be implemented in software and/or hardware.
  • the device may be, for example, a second node, or a chip, a chip system, or a processor that can support the second node to implement the foregoing method.
  • an embodiment of the present application provides a communication device, including: a processor, the processor is coupled with a memory, the memory is used to store a program or an instruction, when the program or an instruction is executed by the processor , So that the device implements the method described in the first aspect or any one of the possible implementation manners of the first aspect.
  • an embodiment of the present application provides a communication device, including: a processor, the processor is coupled with a memory, the memory is used to store a program or an instruction, when the program or an instruction is executed by the processor , So that the device implements the foregoing second aspect or the method described in any one of the possible implementation manners of the second aspect.
  • an embodiment of the present application provides a communication device, which is configured to implement the foregoing first aspect or the method described in any one of the possible implementation manners of the first aspect.
  • an embodiment of the present application provides a communication device, which is configured to implement the foregoing second aspect or the method described in any one of the possible implementation manners of the second aspect.
  • an embodiment of the present application provides a computer-readable medium on which a computer program or instruction is stored.
  • the computer program or instruction When the computer program or instruction is executed, the computer executes the first aspect or any of the first aspects. The method described in the implementation mode.
  • an embodiment of the present application provides a computer-readable medium on which a computer program or instruction is stored.
  • the computer executes the second aspect or any one of the second aspects described above. The method described in the implementation mode.
  • an embodiment of the present application provides a computer program product, which includes computer program code that, when run on a computer, causes the computer to execute the first aspect or any of the possible aspects of the first aspect. Implement the method described in the mode.
  • an embodiment of the present application provides a computer program product, which includes computer program code that, when run on a computer, causes the computer to execute the above-mentioned second aspect or any of the possible aspects of the second aspect Implement the method described in the mode.
  • an embodiment of the present application provides a chip, including: at least one processor, the processor is coupled to a memory, and the memory is used to store a program or instruction. When executed, the chip is made to implement the method described in the foregoing first aspect or any one of the possible implementation manners of the first aspect.
  • an embodiment of the present application provides a chip, including: at least one processor, the processor is coupled to a memory, and the memory is used to store a program or instruction. When executed, the chip is made to implement the method described in the foregoing second aspect or any one of the possible implementation manners of the second aspect.
  • an embodiment of the present application provides a communication system.
  • the system includes the device described in the third aspect and/or the device described in the fourth aspect, or the system includes the device described in the fifth aspect and/or the device described in the sixth aspect, or the system It includes the device described in the seventh aspect and/or the device described in the eighth aspect.
  • any communication device, chip, computer readable medium, computer program product, or communication system provided above is used to execute the corresponding method provided above, and therefore, the beneficial effects that can be achieved can be Refer to the beneficial effects in the corresponding method, which will not be repeated here.
  • FIG. 1 is a schematic diagram of a communication system architecture provided by an embodiment of the application
  • FIG. 2 is a schematic diagram of the hardware structure of a communication device provided by an embodiment of the application.
  • FIG. 3 is a first schematic flowchart of a communication method provided by an embodiment of this application.
  • FIG. 4 is a schematic diagram 2 of the flow of the communication method provided by an embodiment of this application.
  • FIG. 5 is a third schematic flowchart of a communication method provided by an embodiment of this application.
  • FIG. 6 is a fourth flowchart of a communication method provided by an embodiment of this application.
  • FIG. 7 is a fifth schematic flowchart of a communication method provided by an embodiment of this application.
  • FIG. 8 is a sixth flowchart of a communication method provided by an embodiment of this application.
  • FIG. 9 is a first structural diagram of a communication device provided by an embodiment of this application.
  • FIG. 10 is a second structural diagram of a communication device provided by an embodiment of this application.
  • FIG. 11 is a third structural diagram of a communication device provided by an embodiment of this application.
  • FIG. 12 is a schematic diagram of the composition of a communication system provided by an embodiment of this application.
  • FIG. 13 is a schematic structural diagram of a chip provided by an embodiment of the application.
  • the communication system may be a long term evolution (LTE) system, a fifth generation (5G) communication system, a new radio (NR) system, and a wireless fidelity (wireless-fidelity, WiFi) system , 3rd generation partnership project (3rd generation partnership project, 3GPP) related communication systems and future evolution of communication systems, etc., are not restricted.
  • LTE long term evolution
  • 5G fifth generation
  • NR new radio
  • wireless fidelity wireless-fidelity
  • 3rd generation partnership project 3rd generation partnership project, 3GPP
  • FIG. 1 it is a schematic diagram of the architecture of a communication system 10 provided by an embodiment of this application.
  • the communication system 10 may include a node 101 and a node 102 that can communicate with the node 101.
  • FIG. 1 is only a schematic diagram, and does not constitute a limitation on the applicable scenarios of the technical solutions provided in this application.
  • the node 101 or the node 102 in FIG. 1 may be any device with a transceiver function. Including but not limited to: evolved base station in LTE (NodeB or eNB or e-NodeB, evolutional NodeB), base station in NR (gNodeB or gNB) or transmission receiving point/transmission reception point (TRP), 3GPP Subsequent evolution of base stations, access nodes in the WiFi system, wireless relay nodes, wireless backhaul nodes, data transfer equipment (such as routers, repeaters, bridges or switches), etc.
  • the base station can be: a macro base station, a micro base station, a pico base station, a small station, a relay station, or a balloon station, etc.
  • the node 101 or the node 102 may also be a wireless controller, a centralized unit (CU), and/or a distributed unit (DU) in a cloud radio access network (cloud radio access network, CRAN) scenario.
  • the node 101 or the node 102 may also be a server, a wearable device (such as a smart watch, a smart bracelet, a pedometer, etc.), a machine communication device, or a vehicle-mounted device, etc.
  • the node 101 or the node 102 can also be a mobile phone (mobile phone), a tablet computer (Pad), a computer with wireless transceiver function, a headset, a stereo, a virtual reality (VR) terminal device, and an augmented reality (AR) Terminal equipment, terminal in machine type communication (MTC), terminal in industrial control (industrial control), vehicle-mounted terminal equipment, terminal in self-driving (self-driving), terminal equipment in assisted driving, remote Terminals in remote medical, terminals in smart grid, terminals in transportation safety, terminals in smart city, terminals in smart home, etc. .
  • MTC machine type communication
  • industrial control industrial control
  • vehicle-mounted terminal equipment terminal in self-driving (self-driving)
  • terminal equipment in assisted driving remote Terminals in remote medical
  • terminals in smart grid terminals in transportation safety
  • terminals in smart city terminals in smart home, etc.
  • the embodiments of this application do not limit the application scenarios.
  • Terminals can sometimes be referred to as terminal equipment, user equipment (UE), access terminal equipment, vehicle-mounted terminal, industrial control terminal, UE unit, UE station, mobile station, mobile station, remote station, remote terminal equipment, mobile Equipment, UE terminal equipment, wireless communication equipment, machine terminal, UE agent or UE device, etc.
  • the terminal can be fixed or mobile.
  • Node 101 or node 102 may also be a car cockpit (cockpit domain) device, or a module in a car cockpit device (cockpit domain controller (CDC), camera, screen, microphone, audio, electronic key, keyless Enter and start the system controller and other modules).
  • CDC firepit domain controller
  • the communication system 10 shown in FIG. 1 is only used as an example, and is not used to limit the technical solution of the present application. Those skilled in the art should understand that in a specific implementation process, the communication system 10 may also include other devices, and the number of nodes may also be determined according to specific needs, which is not limited.
  • each node in FIG. 1 in the embodiment of the present application may be a functional module in a device.
  • the functional module can be either an element in a hardware device, for example, a communication chip or communication component in a terminal device or a network device, or a software functional module running on hardware, or a platform (for example, Virtualization functions instantiated on the cloud platform).
  • each node in FIG. 1 can be implemented by the communication device 200 in FIG. 2.
  • Fig. 2 shows a schematic diagram of the hardware structure of a communication device applicable to the embodiments of the present application.
  • the communication device 200 may include at least one processor 201, a memory 203, and at least one communication interface 204.
  • the communication device further includes a communication line 202.
  • the at least one processor 201 may include a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), a field programmable gate array, FPGA) or one or more integrated circuits used to control the execution of the program of the present application.
  • CPU general-purpose central processing unit
  • ASIC application-specific integrated circuit
  • FPGA field programmable gate array
  • the communication line 202 can be used to transfer information between the aforementioned components.
  • the bus For example, the bus.
  • the communication interface 204 uses any device such as a transceiver to communicate with other devices or communication networks, such as an Ethernet interface, a radio access network (RAN), and a wireless local area network (wireless local area networks, Alternatively, the communication interface 204 can provide input and output for at least one processor 201 to complete the sending or receiving of data, instructions or information, but the connection structure is not limited to that shown in FIG. 2.
  • a transceiver to communicate with other devices or communication networks, such as an Ethernet interface, a radio access network (RAN), and a wireless local area network (wireless local area networks, Alternatively, the communication interface 204 can provide input and output for at least one processor 201 to complete the sending or receiving of data, instructions or information, but the connection structure is not limited to that shown in FIG. 2.
  • the memory 203 may be a read-only memory (ROM) or other types of static storage devices that can store static information and instructions, random access memory (RAM), or other types that can store information and instructions
  • the dynamic storage device can also be electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disk storage, optical disc storage (Including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or can be used to carry or store desired program codes in the form of instructions or data structures and can be used by a computer Any other media accessed, but not limited to this.
  • the memory can exist independently and is connected to the processor through the communication line 202.
  • the memory can also be integrated with the processor.
  • the memory provided by the embodiments of the present application may generally be non-volatile.
  • the memory 203 is used to store and execute the computer-executable instructions involved in the solution of the present application, and the processor 201 controls the execution.
  • the processor 201 is configured to execute computer-executable instructions stored in the memory 203, so as to implement the method provided in the embodiment of the present application.
  • the computer-executable instructions in the embodiments of the present application may also be referred to as application program codes, which are not specifically limited in the embodiments of the present application.
  • the processor 201 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 2.
  • the communication device 200 may include multiple processors, such as the processor 201 and the processor 207 in FIG. 2. Each of these processors can be a single-CPU (single-CPU) processor or a multi-core (multi-CPU) processor.
  • the processor here may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions).
  • the communication apparatus 200 may further include an output device 205 and an input device 206.
  • the output device 205 communicates with the processor 201 and can display information in a variety of ways.
  • the output device 205 may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector (projector) Wait.
  • the input device 206 communicates with the processor 201, and can receive user input in a variety of ways.
  • the input device 206 may be a mouse, a keyboard, a touch screen device, a sensor device, or the like.
  • the communication device 200 may be a desktop computer, a portable computer, a network server, a PDA (personal digital assistant, PDA), a mobile phone, a tablet computer, a wireless terminal device, an embedded device, or a device with a similar structure in Figure 2. equipment.
  • PDA personal digital assistant
  • the embodiment of the present application does not limit the type of the communication device 200.
  • the communication method provided by the embodiment of the present application will be described in detail below in conjunction with FIG. 1 and FIG. 2.
  • the nodes in the following embodiments may include the components shown in FIG. 2.
  • the algorithm in the embodiment of the present application may be a signaling plane algorithm, or a user plane algorithm, or a signaling plane algorithm and a user plane algorithm.
  • the signaling plane is used to transmit control signaling, such as access request information or identity authentication information, and the user plane is used to transmit data.
  • the algorithm of the signaling plane is used for the communication of the signaling plane between the first node and the second node.
  • the algorithm of the signaling plane may include an encryption algorithm, and/or an integrity protection algorithm, and/or an authentication encryption algorithm.
  • the user plane algorithm is used for user plane communication between the first node and the second node.
  • the user plane algorithm may include an encryption algorithm, and/or an integrity protection algorithm, and/or an authentication encryption algorithm.
  • the algorithm of the user plane and the algorithm of the signaling plane may be the same or different.
  • the algorithm of the signaling plane and the algorithm of the user plane are the same as: the number of algorithms of the signaling plane is the same as that of the user plane, the algorithm of the signaling plane belongs to the same type as the user plane, and the algorithm of the signaling plane is the same.
  • the logo is the same as the user plane.
  • the signaling plane algorithm includes two algorithms, namely encryption algorithm 1 and integrity protection algorithm 1
  • the user plane algorithm also includes two algorithms, namely encryption algorithm 1 and integrity protection algorithm 1.
  • the difference between the algorithm of the signaling plane and the algorithm of the user plane can be expressed as: the type of the algorithm of the signaling plane is different from that of the user plane (for example, the algorithm of the signaling plane includes encryption algorithms and integrity protection algorithms, and the algorithm of the user plane includes authentication Encryption algorithm), and/or, the number of algorithms on the signaling plane is different from that on the user plane (for example, the algorithm on the signaling plane includes two algorithms, and the algorithm on the user plane includes one algorithm);
  • the algorithm identifier of the signaling plane is different from that of the user plane.
  • the algorithm of the signaling plane includes two algorithms, respectively Encryption Algorithm 1 and Integrity Protection Algorithm 1.
  • the user plane algorithm includes two algorithms, namely Encryption Algorithm 2 and Integrity Protection Algorithm 2).
  • the first node or the second node may perform some or all of the steps in the embodiments of the present application. These steps are only examples, and the embodiments of the present application may also perform other steps or various steps. Deformed. In addition, each step may be executed in a different order presented in the embodiment of the present application, and it may not be necessary to perform all the steps in the embodiment of the present application.
  • the communication method includes step 301 to step 303.
  • Step 301 The second node sends the first algorithm negotiation request information to the first node.
  • the second node may be any node in FIG. 1, for example, the second node may be the node 101 or the node 102 shown in FIG. 1.
  • the first node may be the node 102 shown in FIG. 1.
  • the second node is the node 102 shown in FIG. 1
  • the first node may be the node 101 shown in FIG. 1.
  • the first algorithm negotiation request information may be used to indicate one or more algorithms and one or more key derivation functions (KDF).
  • the one or more algorithms may be one or more algorithms supported by the second node.
  • the one or more KDFs may be one or more KDFs supported by the second node. KDF can be used to generate keys corresponding to some or all of the one or more algorithms.
  • one or more algorithms supported by the second node, and/or one or more KDFs supported by the second node may be collectively referred to as the security capability of the second node.
  • one or more algorithms may be the same type of algorithm or different types of algorithms.
  • one or more algorithms include encryption algorithms, and/or integrity protection algorithms, and/or authentication encryption algorithms.
  • the one or more algorithms include at least one encryption algorithm, and/or, at least one integrity protection algorithm, and/or, at least one authentication encryption algorithm.
  • the encryption algorithm can encrypt or decrypt all or part of the communication information between the first node and the second node through the key of the encryption algorithm.
  • the integrity protection algorithm can protect all or part of the communication information between the first node and the second node through the key corresponding to the integrity protection algorithm, or verify the first node through the key corresponding to the integrity protection algorithm The integrity of all or part of the communication information with the second node.
  • the authentication encryption algorithm can encrypt or decrypt all or part of the communication information between the first node and the second node through the key of the authentication encryption algorithm, and the authentication encryption algorithm can use the key of the authentication encryption algorithm to pair the first node and the second node. All or part of the communication information between the two nodes is integrity protected, or the integrity of all or part of the communication information between the first node and the second node is verified through the key of the authentication encryption algorithm.
  • the embodiment of the present application does not limit the number of encryption algorithms, integrity protection algorithms, or authentication encryption algorithms indicated by the first algorithm negotiation request information.
  • the first algorithm negotiation request information may indicate 8 algorithms.
  • 2 are encryption algorithms
  • 3 are integrity protection algorithms
  • 3 are authentication encryption algorithms.
  • one or more algorithms and one or more KDFs indicated by the first algorithm negotiation request information are arranged according to priority.
  • one or more algorithms and one or more KDFs indicated by the first algorithm negotiation request information are arranged in descending order of priority, or one or more algorithms and one or more algorithms indicated by the first algorithm negotiation request information KDFs are arranged in order of priority from low to high.
  • one or more algorithms and one or more KDFs indicated by the first algorithm negotiation request information are arranged according to priority from high to low as an example, if the first algorithm negotiation request information is used to indicate encryption algorithm 1, encryption Algorithm 2, integrity protection algorithm 1, integrity protection algorithm 2, KDF1 and KDF2, the priority of the encryption algorithm is greater than or equal to the priority of the integrity protection algorithm, for encryption algorithm, the priority of encryption algorithm 1 is greater than or equal to encryption The priority of algorithm 2, for the integrity protection algorithm, the priority of integrity protection algorithm 1 is greater than or equal to the priority of integrity protection algorithm 2, and for KDF, the priority of KDF1 is greater than or equal to the priority of KDF2.
  • one or more algorithms and one or more KDFs indicated by the first algorithm negotiation request information are arranged according to priority from low to high as an example, if the first algorithm negotiation request information is used to indicate encryption algorithm 1, encryption Algorithm 2, integrity protection algorithm 1, integrity protection algorithm 2, KDF1 and KDF2, the priority of the encryption algorithm is less than or equal to the priority of the integrity protection algorithm, for the encryption algorithm, the priority of encryption algorithm 1 is less than or equal to the encryption algorithm The priority of 2, for the integrity protection algorithm, the priority of the integrity protection algorithm 1 is less than or equal to the priority of the integrity protection algorithm 2, and for the KDF, the priority of KDF1 is less than or equal to the priority of KDF2.
  • one or more algorithms include both the signaling plane algorithm and the user plane algorithm
  • the one or more algorithms are arranged according to the priority of the signaling plane algorithm and the priority of the user plane algorithm, respectively.
  • one or more algorithms and one or more KDFs indicated by the first algorithm negotiation request information are arranged in order from high to low as an example, if the algorithm and KDF indicated by the first algorithm negotiation request information may be as shown in the table
  • user plane algorithms include encryption algorithm 1, encryption algorithm 2, and integrity protection algorithm 1
  • signaling plane algorithms include encryption algorithm 2
  • integrity protection algorithm 1 and integrity protection algorithm 2
  • KDF includes KDF1 , KDF2 and KDF3.
  • the priority of the encryption algorithm is greater than or equal to the priority of the integrity protection algorithm
  • the priority of encryption algorithm 1 is greater than or equal to the priority of encryption algorithm 2.
  • the priority of the integrity protection algorithm 1 is greater than or equal to the priority of the integrity protection algorithm 2.
  • KDF User plane algorithm Signaling plane algorithm
  • KDF Encryption algorithm 1 Algorithm 2
  • KDF 1 Encryption algorithm 2 Integrity protection algorithm 1
  • the algorithm and KDF indicated by the first algorithm negotiation request information may also be as shown in the table As shown in Table 2, for the user plane algorithm/KDF, the priority of the authentication encryption algorithm is greater than the priority of the encryption algorithm and the integrity protection algorithm, and the priority of the encryption algorithm and the integrity protection algorithm are the same.
  • the priority of authentication encryption algorithm 1 is greater than or equal to the priority of authentication encryption algorithm 2
  • the priority of integrity protection algorithm 1 is greater than or equal to the priority of integrity protection algorithm 2
  • the priority of integrity protection algorithm 2 is greater than or Equal to the priority of encryption algorithm 1
  • the priority of encryption algorithm 1 is greater than or equal to the priority of encryption algorithm 2
  • the priority of KDF1 is greater than or equal to the priority of KDF2.
  • the priority of the encryption algorithm and the integrity protection algorithm is the same, and the priority of the encryption algorithm and the integrity protection algorithm is greater than the priority of the authentication encryption algorithm.
  • the priority of integrity protection algorithm 1 is greater than or equal to the priority of integrity protection algorithm 2
  • the priority of integrity protection algorithm 2 is greater than or equal to the priority of encryption algorithm 1
  • the priority of encryption algorithm 1 is greater than or equal to encryption
  • the priority of authentication encryption algorithm 2 is greater than or equal to the priority of authentication encryption algorithm 1
  • the priority of KDF3 is greater than or equal to the priority of KDF4.
  • the first algorithm negotiation request information may indicate one or more algorithms and one or more KDFs in any of the following ways.
  • the first algorithm negotiation request information includes one or more algorithm identifiers and one or more KDF identifiers.
  • the first algorithm negotiation request information when the first algorithm negotiation request information includes ID1, ID3, and ID5, the first algorithm negotiation request information is used to indicate algorithm 1, algorithm 3, and KDF2; When the first algorithm negotiation request information includes ID2 and ID4, the first algorithm negotiation request information is used to indicate algorithm 2 and KDF1.
  • Tables 1 to 3 are only examples of algorithms indicated by the first algorithm negotiation request information.
  • the algorithms indicated by the first algorithm negotiation request information may also be in other forms, which are not limited.
  • the first algorithm negotiation request information includes a bit sequence, one bit in the bit sequence corresponds to an algorithm or a KDF, and each bit in the bit sequence can indicate whether the first algorithm negotiation request information is 0 or 1 Indicates the algorithm or KDF corresponding to the bit. For example, if the bit is 1, it may indicate that the first algorithm negotiation request information indicates the algorithm or KDF corresponding to the bit, and if the bit is 0, it may indicate that the first algorithm negotiation request information does not indicate the algorithm or KDF corresponding to the bit, and vice versa. The same is true.
  • the first algorithm negotiation request information includes 5 bits, the first bit of the 5 bits corresponds to algorithm 1, the second bit corresponds to algorithm 2, the third bit corresponds to algorithm 3, and the fourth bit corresponds to algorithm 3.
  • Bit corresponds to KDF1, and the fifth bit corresponds to KDF2 as an example. If the 5 bits are 01010, it can indicate that the first algorithm negotiation request information is used to indicate algorithm 2 and KDF1; if the 5 bits are 11001, it can indicate the first algorithm.
  • the negotiation request information is used to indicate Algorithm 1, Algorithm 2, and KDF2.
  • the first algorithm negotiation request information includes two bit sequences, and the lengths of the two bit sequences may be the same or different.
  • one bit in the bit sequence corresponds to an algorithm
  • each bit in the bit sequence can indicate whether the first algorithm negotiation request information indicates the algorithm corresponding to the bit through 0 or 1. For example, if the bit is 1, it may indicate that the first algorithm negotiation request information indicates the algorithm corresponding to the bit, and if the bit is 0, it may indicate that the first algorithm negotiation request information does not indicate the algorithm corresponding to the bit, and vice versa.
  • one bit in the bit sequence corresponds to a KDF
  • each bit in the bit sequence can indicate whether the first algorithm negotiation request information indicates the KDF corresponding to the bit through 0 or 1. For example, if the bit is 1, it may indicate that the first algorithm negotiation request information indicates the KDF corresponding to the bit, and if the bit is 0, it may indicate that the first algorithm negotiation request information does not indicate the KDF corresponding to the bit, and vice versa.
  • the first algorithm negotiation request information includes two bit sequences, one of which is 3 bits, the first bit of the 3 bits corresponds to algorithm 1, the second bit corresponds to algorithm 2, and the third One bit corresponds to algorithm 3, and the other bit sequence is 2 bits.
  • the first bit of the 2 bits corresponds to KDF1, and the second bit corresponds to KDF2 as an example. If the first algorithm negotiation request information includes 110 and 01 , May indicate that the first algorithm negotiation request information is used to indicate algorithm 1, algorithm 2, and KDF2; if the first algorithm negotiation request information includes 010 and 11, it may indicate that the first algorithm negotiation request information is used to indicate algorithm 2, KDF1, and KDF2.
  • the first algorithm negotiation request information further includes the identifier of the second node and the second freshness parameter.
  • the second freshness parameter is a parameter related to the timeliness of the first algorithm negotiation request information.
  • the second freshness parameter includes the value of the counter in the second node or the first random number.
  • the value of the counter may be the value of the counter of the second node when the second node determines to send the first algorithm negotiation request information, and the counter may be used to record the number of communications between the first node and the second node.
  • the first random number may be a random number generated by the second node when the second node determines to send the first algorithm negotiation request information.
  • the second node detects whether the second node has the algorithm and KDF negotiated with the first node. If the second node has the algorithm and KDF negotiated with the first node, the second node uses The negotiated algorithm and KDF communicate with the first node; if the second node does not negotiate the algorithm and KDF with the first node, the second node executes step 301.
  • Step 302 The first node receives the first algorithm negotiation request information from the second node, and determines at least one first algorithm among the one or more algorithms and at least one first KDF among the one or more KDFs.
  • one or more algorithms supported by the first node, and/or one or more KDFs supported by the first node may be collectively referred to as the security capability of the first node.
  • At least one first algorithm includes an encryption algorithm; or, at least one first algorithm includes an integrity protection algorithm; or, at least one first algorithm includes an encryption algorithm and an integrity protection algorithm; or, at least one first algorithm includes Authentication encryption algorithm.
  • multiple algorithms correspond to corresponding priorities.
  • Multiple KDFs correspond to corresponding priorities.
  • the one or more algorithms and the one or more KDFs indicated by the first algorithm negotiation request information are arranged according to priority. For details, refer to the above step 301, which will not be repeated.
  • the corresponding relationship is pre-defined, for example, defined in a standard or protocol, or the corresponding relationship is pre-set, and can be pre-configured to the corresponding node through any other device.
  • the priority of the algorithm with a large identification is greater than the priority of the algorithm with a small identification; or, the priority of the algorithm with a small identification is greater than the priority of the algorithm with a large identification.
  • the priority of algorithm 2 is greater than the priority of algorithm 1; or, the priority of algorithm 1 is greater than the priority of algorithm 2.
  • the KDF identifier has a corresponding relationship with the priority of the KDF.
  • the priority of the KDF with a large identification is greater than the priority of the KDF with a small identification; or, the priority of the KDF with a small identification is greater than the priority of the KDF with a large identification.
  • the explanation of the correspondence relationship is often done in the form of a list below. However, those skilled in the art will know that this application includes, but is not limited to, the form of a table to embody the correspondence relationship.
  • the priorities of multiple algorithms are displayed through the priority list of the algorithms.
  • the priority of multiple KDFs is displayed through the priority list of KDFs.
  • the priority list of algorithms includes a priority list of encryption algorithms, and/or a priority list of integrity protection algorithms, and/or a priority list of authentication encryption algorithms.
  • the priority list of the algorithm includes the priority list of the user plane algorithm, and/or the priority of the signaling plane algorithm List.
  • the priority list of user plane algorithms can be used to determine the first algorithm of the user plane
  • the priority list of signaling plane algorithms can be used to determine the first algorithm of the signaling plane.
  • the priority list of the user plane algorithm and the priority list of the signaling plane algorithm may be the same or different.
  • the priority list of the above algorithms includes one or more algorithms, and the one or more algorithms included in the priority list of algorithms are arranged according to the priority of the algorithms.
  • the priority list of encryption algorithms includes algorithm 1, algorithm 2, and algorithm 3.
  • the priority of algorithm 1 ⁇ the priority of algorithm 2 ⁇ the priority of algorithm 3 the priority of algorithm 1 ⁇ the priority of algorithm 2 ⁇ the priority of algorithm 3.
  • the priority list of the above KDF includes one or more KDFs, and the one or more KDFs are arranged according to the priority of the KDFs.
  • the priority list of the KDF includes KDF1, KDF2, and KDF3, where the priority of KDF1 ⁇ the priority of KDF2 ⁇ the priority of KDF3, or the priority of KDF1 ⁇ the priority of KDF2 ⁇ the priority of KDF3 .
  • the algorithms in the priority list of the foregoing algorithms are arranged from high to low, or from low to high, according to the priority of the algorithm.
  • the KDFs in the KDF priority list are arranged from high to low, or from low to high, according to the priority of the KDF.
  • the priority list of algorithms includes a priority list of encryption algorithms, a priority list of integrity protection algorithms, and a priority list of authentication encryption algorithms, where the priority of the authentication encryption algorithm>the priority of the integrity protection algorithm ⁇
  • the priority of encryption algorithm includes algorithm 1 and algorithm 2
  • the priority of algorithm 1 is greater than the priority of algorithm 2
  • the priority list of integrity protection algorithm includes algorithm 3 and algorithm 4, and the priority of algorithm 3
  • the priority is greater than the priority of Algorithm 4.
  • the priority list of the authentication encryption algorithm includes Algorithm 5 and Algorithm 6.
  • the priority of Algorithm 5 is greater than the priority of Algorithm 6, and the algorithms in each priority list mentioned above are based on the priority of the algorithm. Take the high-to-low arrangement as an example, the priority list of the algorithm can be shown in Table 4. Table 4 is only an example of the priority list of algorithms, and the priority list of algorithms may also be in other forms without limitation.
  • the priority list of the algorithm may be as shown in Table 5.
  • the priority of the authentication encryption algorithm is priority 1
  • the priority of the encryption algorithm and the integrity protection algorithm is priority 2
  • the priority of priority 1 is greater than priority 2.
  • the at least one first algorithm is an algorithm with the highest priority supported by the first node among one or more algorithms.
  • the at least one first algorithm corresponds to one or more algorithm types. For example, if the at least one first algorithm includes one algorithm, at least one first algorithm corresponds to one algorithm type; if the at least one first algorithm includes multiple algorithms, each of the multiple algorithms included in the at least one first algorithm Corresponds to an algorithm type.
  • the algorithm type corresponding to the at least one first algorithm is one or more algorithm types, the algorithm type with the highest priority supported by the first node.
  • At least one first algorithm corresponds to an algorithm type
  • the algorithm type may correspond to multiple algorithms with different priorities
  • the first algorithm is the algorithm corresponding to the algorithm type
  • the first node supports The algorithm with the highest priority.
  • the algorithm type corresponds to only one algorithm
  • the first algorithm includes an algorithm corresponding to the algorithm type.
  • At least one first algorithm includes one algorithm
  • the first algorithm negotiation request information indicates algorithm 3, algorithm 4, algorithm 1, and algorithm 2, and the priority of algorithm 3> the priority of algorithm 4> the priority of algorithm 1.
  • the priority of algorithm 2 is taken as an example. If the algorithm supported by the first node includes algorithm 4 and algorithm 1, then the at least one first algorithm is algorithm 4, and if the algorithm supported by the first node includes algorithm 3 and algorithm 1, then the At least one first algorithm is algorithm 3.
  • At least one first algorithm includes one algorithm
  • the priority list of the algorithm is shown in Table 5
  • the first algorithm negotiation request information indicates Algorithm 5, Algorithm 6, Algorithm 3, and Algorithm 2 as an example, if the first node
  • the supported algorithms include Algorithm 6, Algorithm 3, and Algorithm 1, and the at least one first algorithm is Algorithm 6. If the algorithm supported by the first node includes Algorithm 5, Algorithm 4, and Algorithm 2, then the at least one first algorithm is Algorithm 5.
  • At least one first algorithm corresponds to multiple algorithm types, and the multiple algorithm types have the same priority.
  • Each algorithm type can correspond to one or more algorithms with different priorities.
  • At least one first algorithm includes the algorithm with the highest priority supported by the first node among the algorithms corresponding to each of the above multiple algorithm types, or a certain If each algorithm type corresponds to only one algorithm, the at least one first algorithm includes the one algorithm corresponding to the algorithm type.
  • the priority list of the algorithms is shown in Table 6, and the first algorithm negotiation request information indicates Algorithm 5, Algorithm 6, Algorithm 3, and Algorithm 2 as an example, Table 6
  • the priority of the encryption algorithm and the integrity protection algorithm is the same, the priority of the encryption algorithm and the integrity protection algorithm is greater than the priority of the authentication encryption algorithm, and for the encryption algorithm, the priority of algorithm 5 is greater than or equal to algorithm 6.
  • the priority of algorithm 3 is greater than or equal to the priority of algorithm 4
  • the priority of algorithm 1 is greater than or equal to the priority of algorithm 2
  • the algorithm supported by the first node Including Algorithm 5, Algorithm 6, Algorithm 3, Algorithm 4, and Algorithm 1
  • at least one first algorithm includes Algorithm 5 and Algorithm 3.
  • the first node may also determine some of the multiple algorithm types as at least one algorithm type.
  • the algorithm type corresponding to the first algorithm Exemplarily, among the algorithm types of the algorithms indicated by the first algorithm negotiation request information, the algorithm types with the highest priority are the encryption algorithm and the integrity protection algorithm, and the first node determines the integrity protection algorithm as at least one corresponding to the first algorithm Algorithm type.
  • the encryption algorithm may not be used for encryption.
  • the expression "determine algorithm type" is used to facilitate the elaboration of the solution. However, in the actual solution, the algorithm type may not be determined separately, and at least one first algorithm corresponding to the algorithm type may be directly determined.
  • the encryption algorithm may include a null encryption algorithm.
  • the null encryption algorithm is used to generate a key stream of all 0s, or in other words, the null encryption algorithm can mean that the information is not encrypted.
  • the at least one first algorithm includes a null encryption algorithm, it means that the communication information between the first node and the second node is not encrypted.
  • Tables 4 to 6 are only examples of priority lists of algorithms. In specific applications, the priority lists of algorithms may also be in other forms, which are not limited.
  • the priority of the algorithm is related to the security of the algorithm.
  • an algorithm with higher security has a higher priority
  • an algorithm with lower security has a lower priority.
  • the priority of KDF is related to the security of KDF.
  • a KDF with higher security has a higher priority
  • a KDF with lower security has a lower priority.
  • the at least one first KDF is a KDF with the highest priority supported by the first node among one or more KDFs.
  • the at least one first KDF is the one with the highest priority supported by the first node among the one or more KDFs; if the at least one first KDF includes m KDFs, m is a positive integer greater than 1, and at least one first KDF is the first m KDFs with the highest priority supported by the first node among one or more KDFs.
  • the first algorithm negotiation request information indicates KDF1, KDF2, and KDF3, the priority of KDF1> the priority of KDF2> the priority of KDF3 as an example, if the first node supports The KDF includes KDF2 and KDF3, and at least one first KDF is KDF2; if the KDF supported by the first node includes KDF1 and KDF2, at least one first KDF is KDF1.
  • Step 303 The first node sends the first information to the second node.
  • the first information is used to indicate at least one first algorithm and at least one first KDF, so that the first node uses at least one first algorithm and at least one first KDF to communicate with the second node.
  • the first information is integrity protected by at least one first algorithm; or, the first information is encrypted by at least one first algorithm and integrity protected by at least one first algorithm; or, the first information is Encrypted by at least one first algorithm.
  • the first information includes the second information and the first MAC.
  • the second information is used to indicate at least one first algorithm and at least one first KDF.
  • the second information includes at least one first algorithm and at least one first KDF information.
  • the second information includes at least one identifier of the first algorithm and at least one identifier of the first KDF.
  • the first MAC is obtained by performing integrity protection on the second information.
  • At least one first algorithm includes an integrity protection algorithm, or at least one first algorithm includes an integrity protection algorithm and an encryption algorithm, and the first MAC is obtained by performing integrity protection on the second information through the integrity protection algorithm
  • at least one first algorithm includes an authentication encryption algorithm, and the first MAC is obtained by performing integrity protection on the second information through the authentication encryption algorithm.
  • the first information may indicate at least one first algorithm and at least one first KDF in any of the following manners.
  • the second information includes the identification of the first algorithm and the identification of the first KDF.
  • the first information is used to indicate algorithm 1 and KDF2; when the second information includes ID2 and ID4, the first information A message is used to indicate Algorithm 2 and KDF1.
  • the algorithm/KDF identification is shown in Table 7.
  • the second information includes 16 bits, among which, the first 1-4 bits are used to indicate the identification of the encryption algorithm, and the 5th-8th bits are used to indicate the integrity
  • the identity of the security protection algorithm the 9th-12th bits are used to indicate the identity of the authentication encryption algorithm
  • the 13th-16th bits are used to indicate the identity of the KDF as an example.
  • the encryption algorithm includes Algorithm 1, Algorithm 2, and Algorithm 3.
  • the identifier of algorithm 1 is 0000
  • algorithm 1 is a null encryption algorithm, which is used to generate a key stream of all 0s
  • the identifier of algorithm 2 is 0001
  • the identifier of algorithm 3 is 0010.
  • the integrity protection algorithm includes algorithm 4 and algorithm 5.
  • the identifier of algorithm 4 is 0001, the identifier of algorithm 5 is 0010, the authentication encryption algorithm includes algorithm 6, the identifier of algorithm 6 is 0011, the KDF includes KDF1 and KDF2, the identifier of KDF1 is 0001, and the identifier of KDF2 is 0010. If the second If the information includes 0001000100000001, the first information is used to indicate algorithm 2, algorithm 4, and KDF1, and if the second information includes 0000000000110010, the first information is used to indicate algorithm 6 and KDF2.
  • Table 7 is only an example of the algorithm/KDF identification.
  • the algorithm/KDF identification may also be in other forms and is not limited.
  • the second information includes a bit sequence, one bit in the bit sequence corresponds to an algorithm or a KDF, for example, one bit in the bit sequence corresponds to one or more algorithms indicated by the first algorithm negotiation request information , Or one bit in the bit sequence corresponds to the KDF indicated by the first algorithm negotiation request information.
  • Each bit in the bit sequence may use 0 or 1 to indicate whether the first algorithm includes the algorithm corresponding to the bit, or whether the first KDF includes the KDF corresponding to the bit. For example, if the bit is 1, it may indicate that the first algorithm includes the algorithm corresponding to the bit, or the first KDF includes the KDF corresponding to the bit, and if the bit is 0, it may indicate that the first algorithm does not include the algorithm corresponding to the bit. Or the first KDF does not include the KDF corresponding to the bit, and vice versa.
  • the second information includes 5 bits, the first bit of the 5 bits corresponds to algorithm 1, the second bit corresponds to algorithm 2, the third bit corresponds to algorithm 3, and the fourth bit corresponds to the secret.
  • the key KDF1 corresponds, and the fifth bit corresponds to the key KDF2 as an example. If the 5 bits are 01010, it can indicate that the first algorithm includes algorithm 2, and the first KDF includes KDF1; if the 5 bits are 11001, it can indicate the first algorithm. Including Algorithm 1 and Algorithm 2, the first KDF includes KDF2.
  • the second information includes two bit sequences, and the lengths of the two bit sequences may be the same or different.
  • one bit in the bit sequence corresponds to an algorithm, for example, one bit in the bit sequence corresponds to one or more algorithms indicated by the first algorithm negotiation request information.
  • Each bit in the bit sequence may use 0 or 1 to indicate whether the first algorithm includes the algorithm corresponding to the bit. For example, if the bit is 1, it may indicate that the first algorithm includes the algorithm corresponding to the bit, and if the bit is 0, it may indicate that the first algorithm does not include the algorithm corresponding to the bit, and vice versa.
  • one bit in the bit sequence corresponds to one KDF
  • one bit in the bit sequence corresponds to the KDF indicated by the first algorithm negotiation request information.
  • Each bit in the bit sequence may use 0 or 1 to indicate whether the first KDF includes the KDF corresponding to the bit. For example, if the bit is 1, it may indicate that the first KDF includes the KDF corresponding to the bit, and if the bit is 0, it may indicate that the first KDF does not include the KDF corresponding to the bit, and vice versa.
  • the second information includes two bit sequences, one of the bit sequences is 3 bits, the first bit of the 3 bits corresponds to Algorithm 1, the second bit corresponds to Algorithm 2, and the third bit and Algorithm 3 corresponds to, the other bit sequence is 2 bits, the first bit of the 2 bits corresponds to the key KDF1, and the second bit corresponds to the key KDF2 as an example.
  • the second information includes 110 and 01, you can It means that the first algorithm includes algorithm 1 and algorithm 2, and the first KDF includes KDF2; if the second information includes 010 and 10, it can indicate that the first algorithm includes algorithm 2, and the first KDF includes KDF1.
  • the second information further includes information irrelevant to the first algorithm and the indication of the first KDF.
  • the second information further includes the first verification information; or, the second information further includes the first freshness parameter and the first verification information; or, the second information further includes one or more algorithms used to indicate step 301 and One or more KDF instructions.
  • the first freshness parameter is a parameter related to the timeliness of the first information.
  • the first freshness parameter includes the value of a counter in the first node or a second random number.
  • the value of the counter may be the value of the counter of the first node when the first node determines to send the first information, and the counter may be used to record the number of communications between the first node and the second node.
  • the second random number may be a random number generated when the first node determines to send the first information.
  • the first verification information is used by the second node to verify whether the first algorithm negotiation request information received by the first node is modified.
  • the first verification information is obtained according to the first algorithm negotiation request information received by the first node, the preset shared key, and the second KDF.
  • AUTH 1 second KDF (K, first algorithm negotiation request information).
  • K is the preset shared key
  • the preset shared key is preset.
  • the preset shared key can be pre-configured to the corresponding node through any other device.
  • the second KDF may be the same as or different from the first KDF. If the second KDF is different from the first KDF, the second KDF may be a KDF preset in the first node and the second node.
  • the first verification information is based on the first algorithm negotiation request information received by the first node, the preset shared key, and the first verification information.
  • a freshness parameter and a second KDF are obtained.
  • AUTH 1 second KDF (K, first freshness parameter, first algorithm negotiation request information)
  • the introduction of AUTH 1, K and second KDF can refer to the above examples, and will not be repeated.
  • the second information further includes indication information for indicating one or more algorithms and one or more KDFs in step 301, after the subsequent second node receives the indication information, it can determine the second node according to the indication information.
  • An algorithm negotiation request information whether the algorithm and KDF are modified.
  • first information is encrypted by at least one first algorithm and integrity protection is performed by at least one first algorithm:
  • the first information includes encryption information, second communication information, and second MAC.
  • the encrypted information is obtained after encrypting the first communication information, and the first communication information does not indicate at least one of at least one first algorithm or at least one first KDF.
  • the second communication information is used to indicate at least one of at least one first algorithm and at least one first KDF.
  • the second MAC is obtained by performing integrity protection on the encrypted information and the second communication information.
  • the at least one first algorithm includes an encryption algorithm and an integrity protection algorithm, the encrypted information is obtained by performing encryption processing on the first communication information through the encryption algorithm, and the second MAC is used to pass the integrity of the encrypted information and the second communication information.
  • the protection algorithm is obtained by integrity protection; or, at least one of the first algorithms includes an authentication encryption algorithm, the encrypted information is obtained after the first communication information is encrypted through the authentication encryption algorithm, and the second MAC is the encryption information and the second
  • the communication information is obtained through integrity protection of the authentication encryption algorithm. Specifically, reference may be made to the method shown in FIG. 4 or FIG. 5 below.
  • the first information may indicate at least one first algorithm and at least one first KDF in any of the following ways: the second communication information includes the identification of the first algorithm and the identification of the first KDF; or, the second The communication information includes a bit sequence, one bit in the bit sequence corresponds to an algorithm or one KDF; or, the second communication information includes two bit sequences, and for one bit sequence, one bit in the bit sequence corresponds to an algorithm Correspondingly, for the other bit sequence, one bit in the bit sequence corresponds to one KDF.
  • the second communication information includes the identification of the first algorithm and the identification of the first KDF; or, the second The communication information includes a bit sequence, one bit in the bit sequence corresponds to an algorithm or one KDF; or, the second communication information includes two bit sequences, and for one bit sequence, one bit in the bit sequence corresponds to an algorithm Correspondingly, for the other bit sequence, one bit in the bit sequence corresponds to one KDF.
  • mode 2.1 to mode 2.3 which will not be repeated.
  • the first communication information includes information irrelevant to the first algorithm and the indication of the first KDF.
  • the first communication information includes first verification information; or, the first communication information includes the first freshness parameter and the first verification information; or, the first communication information includes one or more algorithms used to indicate step 301 and One or more KDF instructions.
  • the first verification information, the first freshness parameter, and the instruction information used to indicate one or more algorithms and one or more KDFs in step 301 please refer to the above-mentioned second information including the first algorithm and the first algorithm. The corresponding description of a KDF irrelevant information will not be repeated.
  • the first node first encrypts the information and then obtains the second MAC.
  • the first node may also obtain the second MAC first, and then encrypts the first communication information, which is not limited.
  • the difference is that when the first node encrypts the information first and then obtains the second MAC, after the second node receives the first information, it must first verify the integrity of the first information, and decrypt the encrypted information after verifying that the first information is complete. .
  • the first node first obtains the second MAC and then encrypts the first communication information, after receiving the first information, the second node decrypts the encrypted information first, and then verifies the integrity of the first information.
  • the first information includes encrypted information and second communication information.
  • the encrypted information is obtained after the first communication information is encrypted.
  • the at least one first algorithm includes an encryption algorithm.
  • the encrypted information is obtained after encrypting the first communication information through an encryption algorithm.
  • the encrypted information is obtained by encrypting the first communication information with an encryption key.
  • the encryption key please refer to the method shown in Figure 5 below, which will not be repeated.
  • the sender when the first node communicates with the second node, the sender can encrypt the information to be sent with the encryption key to obtain encrypted information, and send the encrypted information to receiver. After receiving the encrypted information, the receiver can decrypt the encrypted information with the encryption key to obtain the information to be sent by the sending method. In this way, the security of communication between the first node and the second node can be improved.
  • the second node may receive the first information from the first node. Subsequently, the second node uses at least one first algorithm and at least one first KDF to communicate with the first node.
  • the second node needs to verify the integrity of the first information. If the first information is integrity protected by at least one first algorithm, the second node receives the first information, obtains an authentication encryption key according to at least one first KDF, and obtains third information according to at least one first algorithm and second information. MAC and verify the integrity of the first information through the third MAC. For details, refer to the method shown in FIG. 6 or FIG. 7 below. If the first information is encrypted by at least one first algorithm and integrity protection is performed by at least one first algorithm, the second node receives the first information, and obtains the first information according to the at least one first algorithm, encryption information, and second communication information. Four MACs, and verify the integrity of the first information through the fourth MAC. For details, refer to the method shown in FIG. 4 or FIG. 5 below.
  • the second node after receiving the first information, the second node sends confirmation information to the first node.
  • the confirmation information is used to indicate that the second node has received the first information.
  • the second node after receiving the first information, sends second verification information to the first node.
  • the second verification information is used by the first node to verify whether the first information received by the second node is modified.
  • AUTH 2 second KDF(K, first information)
  • the first node receives the second verification information
  • it obtains the third verification information according to the first information, the preset shared key and the second KDF, for example, AUTH 3 second KDF(K, first One information).
  • AUTH 3 second KDF(K, first One information.
  • AUTH 2 is the second verification information
  • AUTH 3 is the third verification information
  • K is a preset shared key
  • the second KDF may be the same or different from the first KDF. If the second KDF is different from the first KDF, the second KDF may be a KDF preset in the first node and the second node.
  • AUTH 3 th Two KDF (K, the second freshness parameter, the first information). If the third verification information and the second verification information are the same, it means that the first information received by the second node has not been modified.
  • the third verification information and the second verification information are not the same, it means that the first information received by the second node is not the same.
  • the information is modified.
  • the introduction of AUTH 2, AUTH 3, K, and the second KDF can refer to the above examples, and will not be repeated.
  • the confirmation information or the second verification information is integrity protected by at least one first algorithm.
  • first algorithm For the process of performing integrity protection of the confirmation information or the second verification information through at least one first algorithm, refer to the following method shown in FIG. 4, FIG. 5, FIG. 6 or FIG. 7, where the first information passes through at least one first algorithm The description of integrity protection will not be repeated.
  • the second node may send to the first node first algorithm negotiation request information for indicating one or more algorithms and one or more KDFs.
  • the first node may determine at least one first algorithm and at least one first KDF according to the first algorithm negotiation request information, and send to the second node an indication of at least one first algorithm And first information of at least one first KDF.
  • the first node and the second node can use at least one first algorithm to communicate with at least one first KDF, so that the first node and the second node can use the same algorithm to communicate between the first node and the second node.
  • Information is encrypted or decrypted.
  • the first information includes encryption information, second communication information, and second MAC.
  • the first algorithms includes an authenticated encryption algorithm
  • the encrypted information is obtained after the first communication information is encrypted through the authenticated encryption algorithm
  • the second MAC is the integrity protection of the encrypted information and the second communication information through the authenticated encryption algorithm owned.
  • the second node can obtain the fourth MAC according to the authentication encryption algorithm, the encryption information, and the second communication information, and verify the integrity of the first information through the fourth MAC.
  • the method shown in FIG. 3 further includes steps 401-404.
  • Step 401 The first node obtains an authentication encryption key according to at least one first KDF.
  • the authentication encryption key can be used to encrypt the first communication information, or the authentication encryption key can be used to decrypt the encrypted information, and the authentication encryption key can be used to protect the integrity of the second communication information and the encrypted information, or The authentication encryption key can be used to verify the integrity of the second communication information and the encrypted information.
  • the first node can obtain the authentication encryption key by any of the following methods.
  • the first character string may be used to identify the authentication encryption algorithm. For example, if at least one of the first algorithms is an authentication encryption algorithm of the user plane, the first character string may be "user auth enc" which can identify the authentication encryption algorithm of the user plane.
  • K c the first KDF(K, C, The first character string, the first identifier)
  • K c the authentication encryption key
  • K is the shared key
  • C is the second freshness parameter.
  • the first identifier may be used to identify the KDF used to generate the authentication encryption key.
  • the first identifier may be the identifier of the first KDF.
  • the first identification may include numbers and/or characters.
  • the first character string in mode 3.4 can be an optional parameter.
  • the first node obtains the first intermediate key according to the shared key and the second freshness parameter; the first node obtains authentication and encryption according to the first intermediate key, and at least one of the first identification and the first character string Key.
  • KDF1 and KDF2 may be included in at least one first KDF.
  • KDF1 and KDF2 can be the same or different. For example, if at least one first KDF includes one KDF, KDF1 and KDF2 are the same; if at least one first KDF includes two or more KDFs, KDF1 and KDF2 are different.
  • the shared key in the foregoing manner is preset in the first node, or the shared key in the foregoing manner is calculated by the first node before step 401.
  • the second MAC is obtained according to the authentication encryption algorithm, the encryption information, the second communication information, and the authentication encryption key.
  • the first node uses the encrypted information, the second communication information, and the authentication encryption key as the input of the authentication encryption algorithm to obtain the second MAC.
  • Step 402 The second node obtains an authentication encryption key according to at least one first KDF.
  • the second node For the specific process for the second node to obtain the authentication encryption key according to the at least one first KDF, refer to the corresponding introduction in step 401 that the first node obtains the authentication encryption key according to the at least one first KDF, which will not be repeated.
  • Step 403 The second node obtains the fourth MAC according to the authentication encryption algorithm, the encryption information, and the second communication information.
  • the second node obtains the fourth MAC according to the authentication encryption algorithm, the encryption information, the second communication information, and the authentication encryption key. For example, the second node uses the encrypted information, the second communication information, and the authentication encryption key as the input of the authentication encryption algorithm to obtain the fourth MAC.
  • the second node may also perform integrity protection on the encrypted information and part of the information in the second communication information. For example, the second node obtains the fourth MAC according to the encrypted information and part of the information in the second communication information, the authentication encryption algorithm, and the authentication encryption key.
  • Step 404 If the fourth MAC is the same as the second MAC, the second node decrypts the encrypted information through the authentication encryption algorithm.
  • the fourth MAC is the same as the second MAC, it means that the first communication information has not been modified, and the second node decrypts the encrypted information by using the authentication encryption key to obtain the first communication information.
  • the fourth MAC is different from the second MAC, it indicates that the first communication information is modified and the second node discards the first information.
  • the second node may perform step 301 again, or the second node may instruct the first node to re-determine at least one first algorithm and the first KDF.
  • the first communication information includes indication information for indicating one or more algorithms and one or more KDFs
  • the second node after the second node obtains the first communication information, it can also verify one or more of the first communication information. Whether the multiple algorithms and one or more KDFs and the first algorithm negotiation request information include one or more algorithms and one or more KDFs are the same. If they are the same, it means that the first algorithm negotiation request information has not been modified, and the communication environment between the first node and the second node is secure. If they are not the same, it means that the first algorithm negotiation request information is modified, and the communication environment between the first node and the second node is not secure.
  • the second node verifies whether the first algorithm negotiation request information is modified through the first verification information. If the first algorithm negotiation request information is not modified, the communication environment between the first node and the second node is secure, and if the first algorithm negotiation request information is modified, the communication environment between the first node and the second node is not secure.
  • the first node and the second node can obtain the authentication encryption key according to the at least one first KDF. Subsequently, the first node may encrypt the first communication information with the authentication encryption key to obtain the encrypted information, obtain the second MAC according to the authentication encryption algorithm, the encryption information, the second communication information, and the authentication encryption key, and use the second MAC pair The first information is integrity protected. The second node may obtain the fourth MAC according to the authentication encryption algorithm, the encryption information, the second communication information, and the authentication encryption key, and verify the integrity of the first information through the fourth MAC.
  • the first communication information can be encrypted by the authenticated encryption algorithm, and the integrity of the first information can also be protected by the authenticated encryption algorithm, so the communication between the first node and the second node can be improved. Security.
  • the first information includes encryption information, second communication information, and second MAC.
  • the first algorithms includes an encryption algorithm and an integrity protection algorithm
  • the encrypted information is obtained after the first communication information is encrypted through the encryption algorithm
  • the second MAC is the encryption information and the second communication information through the integrity protection algorithm Obtained by integrity protection.
  • the second node can obtain the fourth MAC according to the integrity protection algorithm, the encryption information, and the second communication information, and verify the integrity of the first information through the fourth MAC.
  • the method shown in FIG. 3 further includes step 501-step 504.
  • Step 501 The first node obtains an encryption key and an integrity protection key according to at least one first KDF.
  • the encryption key can be used to encrypt the first communication information, or the encryption key can be used to decrypt the encrypted information.
  • the integrity protection key may be used to protect the integrity of the second communication information and the encrypted information, or the integrity protection key may be used to verify the integrity of the second communication information and the encrypted information.
  • the first node can obtain the encryption key and the integrity protection key in any of the following ways.
  • the second character string may be used to identify an encryption algorithm.
  • the second character string may be "signalling enc".
  • the third character string may be used to identify the integrity protection algorithm. For example, if at least one of the first algorithms is an integrity protection algorithm on the signaling plane, the third character string may be "signalling int".
  • K int the first KDF (K, C, third String, the third identifier)
  • Kenc the encryption key
  • K is the shared key
  • C is the second freshness parameter
  • K int is the integrity protection key
  • the value of the second string and the third string For the introduction, please refer to the above method 3.3, so I won’t repeat it.
  • the second identifier may be used to identify the KDF used to generate the encryption key.
  • the second identifier may be the identifier of the first KDF that generated the encryption key.
  • the third identifier may be used to
  • the second identification or the third identification may include numbers and/or characters.
  • the second character string and the third character string in way 4.4 may be optional parameters.
  • the first node obtains the second intermediate key according to the shared key and the second freshness parameter; the first node obtains the encrypted secret according to the second intermediate key, and at least one of the second identification and the second character string key.
  • the first node obtains the third intermediate key according to the shared key and the second freshness parameter; the first node obtains the integrity protection key according to the third intermediate key, and at least one of the third identification and the third character string .
  • K mid2 is the second intermediate key
  • K is the shared key
  • C is the second freshness parameter
  • Kenc is the encryption key
  • K mid3 is the third intermediate key
  • K int is the integrity protection key.
  • KDF3, KDF4, KDF5, and KDF6 may be included in at least one first KDF.
  • KDF3 and KDF4 can be the same or different.
  • KDF5 and KDF6 can be the same or different.
  • K int KDF6 (KDF5 (K, C), the third algorithm, the third character string).
  • the shared key in the foregoing manner is preset in the first node, or the shared key in the foregoing manner is calculated by the first node before step 501.
  • the first KDF that generates the encryption key and the first KDF that generates the integrity protection key are the same or different.
  • the at least one first KDF includes one KDF, and the first KDF that generates the encryption key is the same as the first KDF that generates the integrity protection key; the at least one first KDF includes multiple KDFs, and the first KDF that generates the encryption key A KDF is different from the first KDF that generates the integrity protection key.
  • the second MAC is obtained according to the integrity protection algorithm, the encryption information, the second communication information, and the integrity protection key.
  • the first node uses the encryption information, the second communication information, and the integrity protection key as the input of the integrity protection algorithm to obtain the second MAC.
  • Step 502 The second node obtains an encryption key and an integrity protection key according to at least one first KDF.
  • the second node For the specific process for the second node to obtain the encryption key and the integrity protection key according to the at least one first KDF, refer to the corresponding introduction of the first node to obtain the encryption key and the integrity protection key according to the at least one first KDF in step 501 , Do not repeat it.
  • Step 503 The second node obtains the fourth MAC according to the integrity protection algorithm, the encryption information, and the second communication information.
  • the second node obtains the fourth MAC according to the integrity protection algorithm, the encryption information, the second communication information, and the integrity protection key. For example, the second node uses the encrypted information, the second communication information, and the integrity protection key as the input of the integrity protection algorithm to obtain the fourth MAC.
  • the second node may also perform integrity protection on the encrypted information and part of the information in the second communication information. For example, the second node obtains the fourth MAC according to the encrypted information and part of the information in the second communication information, the integrity protection algorithm, and the integrity protection key.
  • Step 504 If the fourth MAC is the same as the second MAC, the second node decrypts the encrypted information through the encryption algorithm.
  • the fourth MAC is the same as the second MAC, it means that the first communication information has not been modified, and the second node decrypts the encrypted information using the encryption key to obtain the first communication information.
  • the fourth MAC is different from the second MAC, it indicates that the first communication information is modified and the second node discards the first information.
  • the second node may perform step 301 again, or the second node may instruct the first node to re-determine at least one first algorithm and the first KDF.
  • the first communication information includes indication information for indicating one or more algorithms and one or more KDFs
  • the second node after the second node obtains the first communication information, it can also verify one or more of the first communication information. Whether the multiple algorithms and one or more KDFs and the first algorithm negotiation request information include one or more algorithms and one or more KDFs are the same. If they are the same, it means that the first algorithm negotiation request information has not been modified, and the communication environment between the first node and the second node is secure. If they are not the same, it means that the first algorithm negotiation request information is modified, and the communication environment between the first node and the second node is not secure.
  • the second node verifies whether the first algorithm negotiation request information has been modified through the first verification information. If the first algorithm negotiation request information is not modified, the communication environment between the first node and the second node is secure, and if the first algorithm negotiation request information is modified, the communication environment between the first node and the second node is not secure.
  • the first node and the second node can obtain the encryption key and the integrity protection key according to the at least one first KDF. Subsequently, the first node may encrypt the first communication information with the encryption key to obtain the encrypted information, and obtain the second MAC according to the integrity protection algorithm, the encryption information, the second communication information, and the integrity protection key. The integrity of the first information is protected. The second node may obtain the fourth MAC according to the integrity protection algorithm, the encryption information, the second communication information, and the integrity protection key, and verify the integrity of the first information through the fourth MAC.
  • the first communication information can be encrypted by the encryption algorithm, and the integrity protection of the first information can also be performed by the integrity protection algorithm, so the communication between the first node and the second node can be improved. Security.
  • the first information includes the second information and the first MAC.
  • the first MAC is obtained by performing integrity protection on the second information through the integrity protection algorithm.
  • the second node can obtain the third MAC according to the integrity protection algorithm, the second information and the integrity protection key, and verify the integrity of the first information through the third MAC.
  • the method shown in FIG. 3 further includes step 601 to step 603.
  • Step 601 The first node obtains an integrity protection key according to at least one first KDF.
  • step 601 For the specific process of step 601, reference may be made to the corresponding description in step 501, which is not repeated here.
  • the first MAC is obtained according to the integrity protection algorithm, the second information and the integrity protection key.
  • the first node uses the second information and the integrity protection key as the input of the integrity protection algorithm to obtain the first MAC.
  • the first node obtains an encryption key according to at least one first KDF, so that the subsequent first node and the second node encrypt or decrypt the communication information between the first node and the second node through the encryption key, which improves The security of the communication between the first node and the second node.
  • first KDF the encryption key according to at least one first KDF
  • Step 602 The second node obtains an integrity protection key according to at least one first KDF.
  • step 602 For the specific process of step 602, reference may be made to the corresponding description in step 502, which is not repeated here.
  • the second node obtains the encryption key according to at least one KDF.
  • the process by which the second node obtains the encryption key according to the at least one first KDF reference may be made to the corresponding description in the foregoing step 502, which will not be repeated.
  • Step 603 The second node obtains the third MAC according to the integrity protection algorithm and the second information.
  • the third MAC can be used to verify the integrity of the second information.
  • the second node obtains the third MAC according to the integrity protection algorithm, the second information, and the integrity protection key. For example, the second node uses the second information and the integrity protection key as the input of the integrity protection algorithm to obtain the third MAC.
  • the second node may also perform integrity protection on part of the information in the second information. For example, the second node obtains the third MAC according to part of the information in the second information, the integrity protection algorithm, and the integrity protection key.
  • the third MAC is the same as the first MAC, it means that the second information has not been modified, and the second node and the first node may use at least one first algorithm and at least one first KDF to communicate. If the third MAC is different from the first MAC, it means that the first information has been modified, and the second node may perform step 301 again, or the second node may instruct the first node to re-determine at least one first algorithm and first KDF.
  • the first communication information includes indication information for indicating one or more algorithms and one or more KDFs
  • the second node after the second node obtains the first communication information, it can also verify one or more of the first communication information. Whether the multiple algorithms and one or more KDFs and the first algorithm negotiation request information include one or more algorithms and one or more KDFs are the same. If they are the same, it means that the first algorithm negotiation request information has not been modified, and the communication environment between the first node and the second node is secure. If they are not the same, it means that the first algorithm negotiation request information is modified, and the communication environment between the first node and the second node is not secure.
  • the second node verifies whether the first algorithm negotiation request information is modified through the first verification information. If the first algorithm negotiation request information is not modified, the communication environment between the first node and the second node is secure, and if the first algorithm negotiation request information is modified, the communication environment between the first node and the second node is not secure.
  • the first node and the second node can obtain the encryption key and the integrity protection key according to the at least one first KDF. Subsequently, the first node may obtain the first MAC according to the integrity protection algorithm, the second information, and the integrity protection key, and perform integrity protection on the first information through the first MAC. The second node can obtain the third MAC according to the integrity protection algorithm, the second information, and the integrity protection key, and verify the integrity of the first information through the third MAC. In this way, when the first node and the second node communicate, the integrity of the first information can be protected by the integrity protection algorithm, so the security of the communication between the first node and the second node can be improved.
  • the first information includes the second information and the first MAC.
  • the first MAC is obtained by performing integrity protection on the second information through the authentication encryption algorithm.
  • the second node can obtain the third MAC according to the authentication encryption algorithm, the second information, and the authentication encryption key, and verify the integrity of the first information through the third MAC.
  • the method shown in FIG. 3 further includes step 701-step 703.
  • Step 701 The first node obtains an authentication encryption key according to at least one first KDF.
  • step 701 For the specific process of step 701, reference may be made to the corresponding description in the foregoing step 401, which will not be repeated.
  • the first MAC is obtained according to the authentication encryption algorithm, the second information, and the authentication encryption key.
  • the first node uses the second information and the authentication encryption key as the input of the authentication encryption algorithm to obtain the first MAC.
  • Step 702 The second node obtains an authentication encryption key according to at least one first KDF.
  • step 702 For the specific process of step 702, reference may be made to the corresponding description in step 402, which is not repeated here.
  • Step 703 The second node obtains the third MAC according to the authentication encryption algorithm and the second information.
  • the third MAC can be used to verify the integrity of the second information.
  • the second node obtains the third MAC according to the authentication encryption algorithm, the second information, and the authentication encryption key. For example, the second node uses the second information and the authentication encryption key as the input of the authentication encryption algorithm to obtain the third MAC.
  • the second node may also perform integrity protection on part of the information in the second information. For example, the second node obtains the third MAC based on part of the information in the second information, the authentication encryption algorithm, and the authentication encryption key.
  • the third MAC is the same as the first MAC, it means that the second information has not been modified, and the second node and the first node can communicate with at least one first algorithm and at least one first KDF. If the third MAC is different from the first MAC, it means that the first information has been modified, and the second node may perform step 301 again, or the second node may instruct the first node to re-determine at least one first algorithm and first KDF.
  • the first communication information includes indication information for indicating one or more algorithms and one or more KDFs, and the case when the first communication information includes the first verification information, refer to FIG. 6 above. The description in the method will not be repeated.
  • the first node and the second node can obtain the authentication encryption key according to the at least one first KDF. Subsequently, the first node may obtain the first MAC according to the authentication encryption algorithm, the second information, and the authentication encryption key, and perform integrity protection on the first information through the first MAC.
  • the second node can obtain the third MAC according to the authentication encryption algorithm, the second information, and the authentication encryption key, and verify the integrity of the first information through the third MAC. In this way, when the first node and the second node communicate, the integrity of the first information can be protected by the authentication encryption algorithm, so the security of the communication between the first node and the second node can be improved.
  • the second node may send one or more algorithms and algorithms to the first node multiple times.
  • One or more KDF indication information so that the first node determines at least one first algorithm and at least one first KDF from the indication information sent multiple times.
  • the method shown in FIG. 3 further includes step 801 to step 802.
  • Step 801 The second node sends the second algorithm negotiation request information to the first node.
  • the second algorithm negotiation request information may be used to indicate one or more algorithms and one or more KDFs.
  • the one or more algorithms indicated by the second algorithm negotiation request information are different from the one or more algorithms indicated by the first algorithm negotiation request information.
  • the one or more algorithms indicated by the second algorithm negotiation request information are completely different from the one or more algorithms indicated by the first algorithm negotiation request information; or, the one or more algorithms indicated by the second algorithm negotiation request information, It is not completely the same as one or more algorithms indicated by the first algorithm negotiation request information.
  • the one or more KDFs indicated by the second algorithm negotiation request information are different from the one or more KDFs indicated by the first algorithm negotiation request information.
  • the one or more KDFs indicated by the second algorithm negotiation request information are completely different from the one or more KDFs indicated by the first algorithm negotiation request information; or, the one or more KDFs indicated by the second algorithm negotiation request information, It is not completely the same as one or more KDFs indicated by the first algorithm negotiation request information.
  • the second algorithm negotiation request information further includes the identifier of the second node and the third freshness parameter.
  • the identifier of the second node may be used to identify the second node.
  • the third freshness parameter is a parameter related to the timeliness of the second algorithm negotiation request information.
  • the third freshness parameter includes the value of a counter in the second node or a third random number.
  • the value of the counter may be the value of the counter of the second node when the second node determines to send the second algorithm negotiation request information, and the counter may be used to record the number of times of communication between the first node and the second node.
  • the third random number may be a random number generated by the second node when the second node determines to send the second algorithm negotiation request information.
  • step 801 For the specific process of step 801, refer to the corresponding description in the first algorithm negotiation request information sent by the second node to the first node in step 301, which will not be repeated.
  • Step 802 The first node receives the second algorithm negotiation request information from the second node, and sends the third information to the second node.
  • the third information may be used to indicate that one or more algorithms and one or more KDFs indicated by the second algorithm negotiation request information are not supported or not applicable.
  • the second node may perform step 801 again until the first node indicates according to the second node
  • One or more algorithms and one or more KDFs determine at least one first algorithm and at least one first KDF.
  • step 801 and step 802 can also be performed before step 301 of the method shown in FIG. 4, FIG. 5, FIG. 6 or FIG. limit.
  • the second node may send one or more algorithms and one or more KDF instructions to the first node multiple times information.
  • the second node may send one or more algorithms and one or more KDF indication information to the first node multiple times, and negotiate with the first node the algorithm and KDF adopted between the first node and the second node.
  • the foregoing mainly introduces the solution provided by the embodiment of the present application from the perspective of the interaction between the first node and the second node.
  • the first node or the second node, etc. include hardware structures and/or software modules corresponding to each function.
  • the present application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a certain function is executed by hardware or computer software-driven hardware depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered as going beyond the scope of this application.
  • the embodiment of the present application can divide the first node or the second node into functional modules according to the above method examples.
  • each functional module can be divided corresponding to each function, or two or more functions can be integrated into one processing module. middle.
  • the above-mentioned integrated modules can be implemented in the form of hardware or software function modules. It should be noted that the division of modules in the embodiments of the present application is illustrative, and is only a logical function division, and there may be other division methods in actual implementation.
  • FIG. 9 shows a schematic structural diagram of a communication device.
  • the communication device may be a first node or a chip or a system on a chip in the first node, and the communication device may be used to perform the functions of the first node involved in the foregoing embodiments.
  • the communication device shown in FIG. 9 includes: a receiving module 901, a processing module 902, and a sending module 903.
  • the receiving module 901 is configured to receive first algorithm negotiation request information from the second node, where the first algorithm negotiation request information is used to indicate one or more algorithms and one or more KDFs.
  • the processing module 902 is configured to determine at least one first algorithm among the one or more algorithms and at least one first KDF among the one or more KDFs.
  • the sending module 903 is configured to send first information to the second node, where the first information is used to indicate the at least one first algorithm and the at least one first KDF.
  • the one or more algorithms include encryption algorithms, and/or integrity protection algorithms, and/or authentication encryption algorithms.
  • the first information is integrity protected by the at least one first algorithm.
  • the first information includes second information and a first message authentication code MAC, where: the second information is used to indicate the at least one first algorithm and the at least one first KDF, and the first MAC is The second information is obtained through integrity protection.
  • the at least one first algorithm includes an integrity protection algorithm, and the first MAC is obtained by performing integrity protection on the second information through the integrity protection algorithm; or, the at least one first algorithm includes the The authentication encryption algorithm, the first MAC is obtained by performing integrity protection on the second information through the authentication encryption algorithm.
  • the second information further includes a first freshness parameter and first verification information
  • the first freshness parameter is a parameter related to the timeliness of the first information
  • the first verification information is based on the first freshness parameter. Algorithm negotiation request information, preset shared key, the first freshness parameter and the first KDF.
  • the first information includes encrypted information, second communication information, and a second message authentication code MAC, where: the encrypted information is obtained after encrypting the first communication information, and the first communication information does not indicate the At least one of the at least one first algorithm or the at least one first KDF, the second communication information is used to indicate at least one of the at least one first algorithm or the at least one first KDF; the second MAC is the encrypted information It is obtained by performing integrity protection with the second communication information.
  • the at least one first algorithm includes an encryption algorithm and an integrity protection algorithm; the encrypted information is obtained after the first communication information is encrypted through the encryption algorithm; the second MAC is the encrypted information and The second communication information is obtained by performing integrity protection through the integrity protection algorithm.
  • the at least one first algorithm includes an authenticated encryption algorithm; the encrypted information is obtained after the first communication information is encrypted through the authenticated encryption algorithm; the second MAC is the encrypted information and the second Communication information is obtained through integrity protection of the authentication encryption algorithm.
  • the at least one first algorithm is an algorithm with the highest priority supported by the communication device among the one or more algorithms;
  • the at least one first KDF is an algorithm supported by the communication device among the one or more KDFs The KDF with the highest priority.
  • the first algorithm negotiation request information further includes a second freshness parameter
  • the second freshness parameter is a parameter related to the timeliness of the first algorithm negotiation request information
  • the receiving module 901 is further configured to receive data from the The second verification information of the second node; wherein the second verification information is obtained according to the first information, the preset shared key, the second freshness parameter and the first KDF; the processing module 902 is also used for The second verification information is verified according to the first information, the preset shared key, the second freshness parameter, and the first KDF.
  • the receiving module 901 is further configured to receive second algorithm negotiation request information from the second node, where the second algorithm negotiation request information is used to indicate one or more algorithms and one or more KDFs; sending module 903 , Is also used to send third information to the second node, where the third information is used to indicate that the one or more algorithms and the one or more KDFs indicated by the second algorithm negotiation request information are not supported or not applicable.
  • the one or more algorithms indicated by the second algorithm negotiation request information are different from the one or more algorithms indicated by the first algorithm negotiation request information; the one or more KDFs indicated by the second algorithm negotiation request information are different One or more KDFs indicated by the first algorithm negotiation request information.
  • the communication device is presented in the form of dividing various functional modules in an integrated manner.
  • the "module” here may refer to a specific ASIC, a circuit, a processor and memory that executes one or more software or firmware programs, an integrated logic circuit, and/or other devices that can provide the above-mentioned functions.
  • the communication device may adopt the form shown in FIG. 2.
  • the processor 201 in FIG. 2 may invoke the computer-executable instructions stored in the memory 203 to cause the communication device to execute the communication method in the foregoing method embodiment.
  • the functions/implementation processes of the receiving module 901, the processing module 902, and the sending module 903 in FIG. 9 may be implemented by the processor 201 in FIG. 2 calling a computer execution instruction stored in the memory 203.
  • the function/implementation process of the processing module 902 in FIG. 9 can be implemented by the processor 201 in FIG. 2 calling a computer execution instruction stored in the memory 203, and the functions/implementation of the receiving module 901 and the sending module 903 in FIG. 9
  • the process can be implemented through the communication interface 204 in FIG. 2.
  • the communication device provided in this embodiment can execute the above-mentioned communication method, the technical effects that can be obtained can refer to the above-mentioned method embodiment, and details are not described herein again.
  • FIG. 10 shows a schematic structural diagram of a communication device.
  • the communication device may be a second node or a chip or a system on a chip in the second node, and the communication device may be used to perform the functions of the second node involved in the foregoing embodiments.
  • the communication device shown in FIG. 10 includes: a sending module 1001 and a receiving module 1002.
  • the sending module 1001 is configured to send first algorithm negotiation request information to a first node, where the first algorithm negotiation request information is used to indicate one or more algorithms and one or more KDFs.
  • the receiving module 1002 is configured to receive first information from the first node, where the first information is used to indicate at least one of the one or more algorithms and at least one of the one or more KDFs The first KDF.
  • the one or more algorithms include encryption algorithms, and/or integrity protection algorithms, and/or authentication encryption algorithms.
  • the first information is integrity protected by the at least one first algorithm.
  • the first information includes second information and a first message verification code MAC, where: the second information is used to indicate the at least one first algorithm and the at least one first KDF, and the first MAC is The second information is obtained through integrity protection.
  • the communication device further includes a processing module 1003; the at least one first algorithm includes an integrity protection algorithm, and the first MAC is used to complete the second information through the integrity protection algorithm.
  • the processing module 1003 is configured to obtain a third MAC according to the integrity protection algorithm and the second information, and the third MAC is used to verify the integrity of the second information; or, the at least one first
  • the algorithm includes an authentication encryption algorithm, and the first MAC is obtained by performing integrity protection on the second information through the authentication encryption algorithm; the processing module 1003 is configured to obtain a third MAC according to the authentication encryption algorithm and the second information , The third MAC is used to verify the integrity of the second information.
  • the second information further includes a first freshness parameter and first verification information
  • the first freshness parameter is a parameter related to the timeliness of the first information
  • the first verification information is based on the first freshness parameter. Algorithm negotiation request information, preset shared key, the first freshness parameter and the first KDF.
  • the first information includes encrypted information, second communication information, and a second message authentication code MAC, where: the encrypted information is obtained after encrypting the first communication information, and the first communication information does not indicate the At least one of the at least one first algorithm or the at least one first KDF, the second communication information is used to indicate at least one of the at least one first algorithm or the at least one first KDF; the second MAC is the encrypted information It is obtained by performing integrity protection with the second communication information.
  • the at least one first algorithm includes an encryption algorithm and an integrity protection algorithm
  • the encrypted information is obtained after the first communication information is encrypted by the encryption algorithm
  • the second MAC is the encrypted information and
  • the second communication information is obtained by performing integrity protection through the integrity protection algorithm
  • a processing module 1003, configured to obtain a fourth MAC according to the integrity protection algorithm, the encryption information, and the second communication information
  • the at least one first algorithm includes an authenticated encryption algorithm, and the encrypted information is obtained after the first communication information is encrypted by the authenticated encryption algorithm; the second MAC is the encrypted information and the second The communication information is obtained by integrity protection of the authentication encryption algorithm; the processing module 1003 is configured to obtain the fourth MAC according to the authentication encryption algorithm, the encryption information and the second communication information; the processing module 1003 is also used for The fourth MAC is the same as the second MAC, and the encrypted information is decrypted by the authentication encryption algorithm.
  • the at least one first algorithm is the algorithm with the highest priority supported by the first node among the one or more algorithms; the at least one first KDF is the first node among the one or more KDFs The KDF with the highest priority supported.
  • the first algorithm negotiation request information further includes a second freshness parameter
  • the second freshness parameter is a parameter related to the timeliness of the first algorithm negotiation request information
  • the sending module 1001 is also used to send the second freshness parameter to the A node sends second verification information; where the second verification information is obtained based on the first information, a preset shared key, the second freshness parameter, and the first KDF.
  • the sending module 1001 is further configured to send second algorithm negotiation request information to the first node, where the second algorithm negotiation request information is used to indicate one or more algorithms and one or more KDFs; the receiving module 1002, It is also used to receive third information from the first node, where the third information is used to indicate that the one or more algorithms and the one or more KDFs indicated by the second algorithm negotiation request information are not supported or not applicable.
  • the one or more algorithms indicated by the second algorithm negotiation request information are different from the one or more algorithms indicated by the first algorithm negotiation request information; the one or more KDFs indicated by the second algorithm negotiation request information are different One or more KDFs indicated by the first algorithm negotiation request information.
  • the communication device is presented in the form of dividing various functional modules in an integrated manner.
  • the "module” here may refer to a specific ASIC, a circuit, a processor and memory that executes one or more software or firmware programs, an integrated logic circuit, and/or other devices that can provide the above-mentioned functions.
  • the communication device may adopt the form shown in FIG. 2.
  • the processor 201 in FIG. 2 may invoke the computer-executable instructions stored in the memory 203 to cause the communication device to execute the communication method in the foregoing method embodiment.
  • the functions/implementation processes of the sending module 1001, the receiving module 1002, and the processing module 1003 in FIG. 11 may be implemented by the processor 201 in FIG. 2 calling a computer execution instruction stored in the memory 203.
  • the function/implementation process of the processing module 1003 in FIG. 11 can be implemented by the processor 201 in FIG. 2 calling a computer execution instruction stored in the memory 203, and the functions/implementation of the sending module 1001 and the receiving module 1002 in FIG. 11
  • the process can be implemented through the communication interface 204 in FIG. 2.
  • the communication device provided in this embodiment can execute the above-mentioned communication method, the technical effects that can be obtained can refer to the above-mentioned method embodiment, and details are not described herein again.
  • FIG. 12 shows a schematic diagram of the composition of a communication system.
  • the communication system 120 may include: a node 1201 and a node 1202. It should be noted that FIG. 12 is only an exemplary drawing, and the embodiment of the present application does not limit the nodes included in the communication system 120 shown in FIG. 12 and the number of nodes.
  • the node 1201 has the function of the communication device shown in FIG. 9 and is used to receive the first algorithm negotiation request information from the second node, and determine at least one first algorithm and the one or more of the one or more algorithms. At least one of the KDF is the first KDF, and sends the first information to the second node.
  • the node 1202 has the function of the communication device shown in FIG. 10 or FIG. 11, and can be used to send the first algorithm negotiation request information to the first node, and receive the first information from the first node.
  • FIG. 13 is a schematic structural diagram of a chip provided by an embodiment of the application.
  • the chip 130 includes one or more processors 1301 and an interface circuit 1302.
  • the chip 130 may further include a bus 1303. in:
  • the processor 1301 may be an integrated circuit chip with signal processing capabilities. In the implementation process, the steps of the foregoing method may be completed by an integrated logic circuit of hardware in the processor 1301 or instructions in the form of software.
  • the aforementioned processor 1301 may be a general-purpose processor, a digital communicator (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic devices, discrete gates or transistor logic devices, discrete hardware components .
  • DSP digital communicator
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • the general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.
  • the interface circuit 1302 is used for sending or receiving data, instructions or information.
  • the processor 1301 may use the data, instructions or other information received by the interface circuit 1302 to perform processing, and may send the processing completion information through the interface circuit 1302.
  • the chip 130 further includes a memory.
  • the memory may include a read-only memory and a random access memory, and provides operation instructions and data to the processor.
  • a part of the memory may also include non-volatile random access memory (NVRAM).
  • NVRAM non-volatile random access memory
  • the memory stores executable software modules or data structures
  • the processor can execute corresponding operations by calling operation instructions stored in the memory (the operation instructions may be stored in the operating system).
  • the chip 130 may be used in the communication device (including the first node and the second node) involved in the embodiment of the present application.
  • the interface circuit 1302 may be used to output the execution result of the processor 1301.
  • processor 1301 and the interface circuit 1302 can be implemented either through hardware design, through software design, or through a combination of software and hardware, which is not limited here.
  • An embodiment of the present application also provides a smart cockpit product, the smart cockpit product including the above-mentioned first node and/or the above-mentioned second node.
  • An embodiment of the present application also provides a smart device or a means of transportation, and the vehicle includes a first node and/or a second node.
  • the smart device may be a robot or the like
  • the transportation means may be a smart car, a drone, or an unmanned transportation vehicle, or the like.
  • the disclosed device and method can be implemented in other ways.
  • the device embodiments described above are merely illustrative.
  • the division of the modules or units is only a logical function division.
  • there may be other division methods for example, multiple units or components may be It can be combined or integrated into another device, or some features can be omitted or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate parts may or may not be physically separate.
  • the parts displayed as units may be one physical unit or multiple physical units, that is, they may be located in one place, or they may be distributed to multiple different places. . Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
  • the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a readable storage medium.
  • the technical solutions of the embodiments of the present application are essentially or the part that contributes to the prior art, or all or part of the technical solutions can be embodied in the form of a software product, and the software product is stored in a storage medium. It includes several instructions to make a device (may be a single-chip microcomputer, a chip, etc.) or a processor (processor) execute all or part of the steps of the method described in each embodiment of the present application.
  • the aforementioned storage media include: U disk, mobile hard disk, ROM, RAM, magnetic disk or optical disk and other media that can store program codes.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Selective Calling Equipment (AREA)

Abstract

本申请实施例提供通信方法及装置,涉及无线通信领域,例如短距离通信领域,适用于自动驾驶或者智能驾驶领域,例如座舱域控制。该方法包括:接收来自第二节点的用于指示一个或多个算法和一个或多个密钥派生函数的第一算法协商请求信息;确定该一个或多个算法中的至少一个第一算法和该一个或多个密钥派生函数中的至少一个第一密钥派生函数;向第二节点发送用于指示至少一个第一算法以及至少一个第一密钥派生函数的第一信息。

Description

通信方法及装置 技术领域
本申请实施例涉及无线通信领域,尤其涉及通信方法及装置,该方法和装置可应用于短距离通信领域,例如座舱域,适用于自动驾驶或者智能驾驶等场景。
背景技术
在数据传输时,为了确保数据传输的安全性,发送方会利用算法对数据进行加密并将加密后的数据发送给接收方,接收方接收到加密后的数据后,会利用该算法对加密后的数据进行解密得到该数据。为了使接收方可以正确解密出发送方发送的数据,接收方需要使用与发送方相同的算法解密加密后的数据,以保证正常的通信。
但是现有技术中,涉及通信加密的算法的种类很多。基于发送方和接收方能力的设置以及场景的需求,发送方与接收方可以支持的算法种类也很多。因此,如何使发送方和接收方准确、高效地通过相同的算法对数据进行加密或解密等处理,对通信效率和性能至关重要。
发明内容
本申请实施例提供通信方法及装置,可以实现发送方和接收方准确、高效地对通信信息进行加密或解密相关处理。
为达到上述目的,本申请实施例采用如下技术方案:
第一方面,本申请实施例提供一种通信方法,该方法应用于第一节点,该方法包括:接收来自第二节点的第一算法协商请求信息,该第一算法协商请求信息用于指示一个或多个算法和一个或多个密钥派生函数(key derivation function,KDF);确定该一个或多个算法中的至少一个第一算法和该一个或多个KDF中的至少一个第一KDF;向该第二节点发送第一信息,该第一信息用于指示该至少一个第一算法以及该至少一个第一KDF。
上述第一方面提供的方法,可以接收来自第二节点的用于指示一个或多个算法和一个或多个KDF的第一算法协商请求信息,根据该第一算法协商请求信息确定至少一个第一算法和至少一个第一KDF,并向第二节点发送用于指示至少一个第一算法以及该至少一个第一KDF的第一信息,如此,第一节点可以和第二节点协商算法以及KDF,从而实现第一节点和第二节点准确、高效地对通信信息进行加密或解密相关处理。以第一节点向第二节点发送信息为例,第一节点可以通过协商好的算法以及KDF对该信息进行加密,并向第二节点发送加密后的信息,第二节点接收到加密后的信息后,可以根据协商好的算法和KDF对加密后的信息进行解密,从而提高第一节点和第二节点之间通信的安全性。
结合第一方面,在一种可能的实现方式中,该一个或多个算法包括加密算法,和/或,完整性保护算法,和/或,认证加密算法。基于上述方法,第一节点和第二节点之间可以使用加密算法、完整性保护算法或认证加密算法等多种算法进行通信,提高了 第一节点与第二节点之间通信时使用的算法的多样性。
结合第一方面以及第一方面的各种可能的实现方式,在一种可能的实现方式中,该第一信息是通过该至少一个第一算法进行完整性保护。基于上述方法,第一节点可以通过至少一个第一算法对第一信息进行完整性保护,从而提高第一节点与第二节点之间通信的安全性。
结合第一方面以及第一方面的各种可能的实现方式,在一种可能的实现方式中,该第一信息包括第二信息和第一消息认证码(message authentication code,MAC),其中:该第二信息用于指示该至少一个第一算法以及该至少一个第一KDF,该第一MAC是对该第二信息进行完整性保护得到的。基于上述方法,第一节点可以向第二节点发送第二信息和第一MAC,并通过第一MAC对第二信息进行完整性保护,从而可以提高第一节点与第二节点之间通信的安全性。
结合第一方面以及第一方面的各种可能的实现方式,在一种可能的实现方式中,该至少一个第一算法包括完整性保护算法,该第一MAC是对所述第二信息,通过该完整性保护算法进行完整性保护得到的;或者,该至少一个第一算法包括认证加密算法,该第一MAC是对所述第二信息,通过该认证加密算法进行完整性保护得到的。基于上述方法,第一节点可以通过多种算法对第二信息进行完整性保护,提高了第一节点对第一节点和第二节点之间的信息进行完整性保护的灵活性和多样性。
结合第一方面以及第一方面的各种可能的实现方式,在一种可能的实现方式中,该第二信息还包括第一新鲜性参数和第一验证信息,该第一新鲜性参数是与该第一信息的时效性相关的参数,该第一验证信息是根据所述第一算法协商请求信息、预置的共享密钥、该第一新鲜性参数和所述第一KDF得到的。基于上述方法,第一节点还可以通过第一验证信息对第一算法协商请求信息进行完整性保护,提高第一节点与第二节点之间通信的安全性。
结合第一方面以及第一方面的各种可能的实现方式,在一种可能的实现方式中,该第一信息包括加密信息、第二通信信息和第二MAC,其中:该加密信息是对第一通信信息进行加密处理后得到的,该第一通信信息不指示该至少一个第一算法或该至少一个第一KDF中至少一个,该第二通信信息用于指示该至少一个第一算法或该至少一个第一KDF中至少一个;该第二MAC是对该加密信息和该第二通信信息进行完整性保护得到的。基于上述方法,第一节点可以对第一通信信息加密,得到加密信息,并通过第二MAC对加密信息和第二通信信息进行完整性保护,从而可以提高第一节点与第二节点之间通信的安全性。
结合第一方面以及第一方面的各种可能的实现方式,在一种可能的实现方式中,该至少一个第一算法包括加密算法和完整性保护算法;该加密信息是对该第一通信信息通过该加密算法进行加密处理后得到的;该第二MAC是对该加密信息和该第二通信信息通过该完整性保护算法进行完整性保护得到的。基于上述方法,第一节点还可以通过加密算法对第一通信信息进行加密,通过完整性保护算法对加密信息和该第二通信信息进行完整性保护,从而提高第一节点和第二节点之间通信的安全性。
结合第一方面以及第一方面的各种可能的实现方式,在一种可能的实现方式中,该至少一个第一算法包括认证加密算法;该加密信息是对该第一通信信息通过该认证 加密算法进行加密处理后得到的;该第二MAC是对该加密信息和该第二通信信息通过该认证加密算法进行完整性保护得到的。基于上述方法,第一节点还可以通过认证加密算法对第一通信信息进行加密,通过认证加密算法对加密信息和该第二通信信息进行完整性保护,从而提高第一节点和第二节点之间通信的安全性。
结合第一方面以及第一方面的各种可能的实现方式,在一种可能的实现方式中,该至少一个第一算法为该一个或多个算法中,该第一节点支持的优先级最高的算法;该至少一个第一KDF为该一个或多个KDF中、该第一节点支持的优先级最高的KDF。基于上述方法,因为算法的优先级是根据算法的安全性得到的,使用的算法的优先级越高,通信的安全性越高,所以第一节点采用一个或多个算法中,第一节点支持的优先级最高的算法,以及一个或多个KDF中第一节点支持的优先级最高的KDF和第二节点通信可以提高第一节点和第二节点之间通信的安全性。
结合第一方面以及第一方面的各种可能的实现方式,在一种可能的实现方式中,该至少一个第一算法对应一个或多个算法类型;该至少一个第一算法对应的算法类型为该一个或多个算法的算法类型中,该第一节点支持的优先级最高的算法类型。基于上述方法,第一节点可以确定第一节点和第二节点都支持的算法类型中优先级最高的算法类型,以便第一节点确定对应优先级最高的算法类型的所述至少一个第一算法。
结合第一方面以及第一方面的各种可能的实现方式,在一种可能的实现方式中,该至少一个第一算法对应一个算法类型,该算法类型可以对应多个优先级不同的算法,第一算法为该算法类型对应的算法中,第一节点支持的优先级最高的算法。基于上述方法,至少一个第一算法对应一个算法类型时,第一节点可以将第一算法对应的算法类型中,第一节点支持的优先级最高的算法确定为第一算法。或者,该算法类型仅对应一个算法,则确定所述第一算法包括所述一个算法。如此,第一节点可以使用优先级较高的算法和第二节点通信。一般来说,算法的优先级与算法的安全性相关,因此,第一节点和第二节点使用优先级较高的算法通信,可以提高第一节点和第二节点之间通信的安全性。
结合第一方面以及第一方面的各种可能的实现方式,在一种可能的实现方式中,至少一个第一算法对应多个算法类型,该多个算法类型的优先级相同。每个算法类型可以对应一个或多个优先级不同的算法,该至少一个第一算法包括上述多个算法类型的每个算法类型对应的算法中,第一节点支持的优先级最高的算法,或者某个算法类型仅对应一个算法,则该至少一个第一算法包括所述算法类型对应的所述一个算法。基于上述方法,至少一个第一算法对应多个算法类型时,第一节点可以将每个算法类型中,第一节点支持的优先级最高的算法确定为第一算法。如此,第一节点可以使用优先级较高的算法和第二节点通信。一般来说,算法的优先级与算法的安全性相关,因此,第一节点和第二节点使用优先级较高的算法通信,可以提高第一节点和第二节点之间通信的安全性。
结合第一方面以及第一方面的各种可能的实现方式,在一种可能的实现方式中,第一算法协商请求信息还包括第二新鲜性参数,该第二新鲜性参数是与所述第一算法协商请求信息的时效性相关的参数,该方法还包括:接收来自该第二节点第二验证信息;其中,该第二验证信息是根据该第一信息、预置的共享密钥、该第二新鲜性参数 和该第一KDF得到的;根据该第一信息、该共享密钥、该第二新鲜性参数和该第一KDF验证该第二验证信息。基于上述方法,第一节点可以根据第一信息、共享密钥、第二新鲜性参数和第一KDF验证第二节点接收到的第一信息是否被修改,以提高第一节点和第二节点之间通信的安全性。
结合第一方面以及第一方面的各种可能的实现方式,在一种可能的实现方式中,该方法还包括:接收来自该第二节点的第二算法协商请求信息,该第二算法协商请求信息用于指示一个或多个算法和一个或多个KDF;向该第二节点发送第三信息,该第三信息用于指示不支持或者不适用该第二算法协商请求信息指示的该一个或多个算法和该一个或多个KDF。基于上述方法,第一节点可以接收来自第二节点的用于指示一个或多个算法和一个或多个KDF的第二算法协商请求信息,并向第二节点发送用于指示不支持或者不适用该第二算法协商请求信息指示的该一个或多个算法和该一个或多个KDF的第三信息,如此,第一节点和第二节点可以通过多次通信来协商算法以及KDF,以提高第一节点和第二节点协商算法以及KDF的成功率。
结合第一方面以及第一方面的各种可能的实现方式,在一种可能的实现方式中,该第二算法协商请求信息指示的一个或多个算法不同于该第一算法协商请求信息指示的一个或多个算法;该第二算法协商请求信息指示的一个或多个KDF不同于该第一算法协商请求信息指示的一个或多个KDF。基于上述方法,第一节点可以获取第二节点多次指示的一个或多个算法和一个或多个KDF,以便第一节点根据获取到的一个或多个算法和一个或多个KDF确定用于和第二节点通信的算法和KDF,提高第一节点和第二节点协商算法以及KDF的成功率。
第二方面,本申请实施例提供一种通信方法,该方法应用于第二节点,该方法包括:向第一节点发送第一算法协商请求信息,该第一算法协商请求信息用于指示一个或多个算法和一个或多个KDF;接收来自该第一节点的第一信息,其中,该第一信息用于指示该一个或多个算法中的至少一个第一算法和该一个或多个KDF中的至少一个第一KDF。
上述第二方面提供的方法,可以向第一节点发送用于指示一个或多个算法和一个或多个KDF的第一算法协商请求信息,并接收来自第一节点的用于指示一个或多个算法中的至少一个第一算法,和该一个或多个KDF中的至少一个第一KDF的第一信息,如此,第一节点可以和第二节点协商算法以及KDF,并使用协商好的算法和KDF进行通信,从而实现第一节点和第二节点准确、高效地对通信信息进行加密或解密相关处理。
结合第二方面,在一种可能的实现方式中,该一个或多个算法包括加密算法,和/或,完整性保护算法,和/或,认证加密算法。基于上述方法,第一节点和第二节点之间可以使用加密算法、完整性保护算法或认证加密算法等多种算法进行通信,提高了第一节点与第二节点之间通信时使用的算法的多样性。
结合第二方面以及第二方面的各种可能的实现方式,在一种可能的实现方式中,该第一信息是通过该至少一个第一算法进行完整性保护。基于上述方法,第二节点可以通过至少一个第一算法验证第一信息的完整性,从而提高第一节点与第二节点之间通信的安全性。
结合第二方面以及第二方面的各种可能的实现方式,在一种可能的实现方式中,该第一信息包括第二信息和第一消息验证码MAC,其中:该第二信息用于指示该至少一个第一算法以及该至少一个第一KDF,该第一MAC是对所述第二信息进行完整性保护得到的。基于上述方法,第二节点可以接收来自第一节点的第二信息和第一MAC,其中,第二信息是通过第一MAC进行完整性保护,从而可以提高第一节点与第二节点之间通信的安全性。
结合第二方面以及第二方面的各种可能的实现方式,在一种可能的实现方式中,该至少一个第一算法包括完整性保护算法,该第一MAC是对该第二信息,通过该完整性保护算法进行完整性保护得到的;该方法还包括:根据该完整性保护算法和该第二信息,得到第三MAC,该第三MAC用于验证该第二信息的完整性;或者,该至少一个第一算法包括认证加密算法,该第一MAC是对该第二信息,通过该认证加密算法进行完整性保护得到的;该方法还包括:根据该认证加密算法和该第二信息,得到第三MAC,该第三MAC用于验证所述第二信息的完整性。基于上述方法,第二节点可以根据多种算法验证第二信息的完整性,提高了第二节点在验证信息的完整性时,第二节点的灵活性和多样性。
结合第二方面以及第二方面的各种可能的实现方式,在一种可能的实现方式中,该第二信息还包括第一新鲜性参数和第一验证信息,该第一新鲜性参数是与该第一信息的时效性相关的参数,该第一验证信息是根据该第一算法协商请求信息、预置的共享密钥、该第一新鲜性参数和该第一KDF得到的。基于上述方法,第二节点还可以通过第一验证信息验证第一算法协商请求信息的完整性,提高第一节点与第二节点之间通信的安全性。
结合第二方面以及第二方面的各种可能的实现方式,在一种可能的实现方式中,该第一信息包括加密信息、第二通信信息和第二MAC,其中:该加密信息是对第一通信信息进行加密处理后得到的,该第一通信信息不指示该至少一个第一算法或该至少一个第一KDF中至少一个,该第二通信信息用于指示该至少一个第一算法或该至少一个第一KDF中至少一个;该第二MAC是对该加密信息和该第二通信信息进行完整性保护得到的。基于上述方法,第二节点可以接收来自第一节点的加密信息、第二通信信息和第二MAC,以便第二节点通过第二MAC验证加密信息和第二通信信息的完整性,从而可以提高第一节点与第二节点之间通信的安全性。
结合第二方面以及第二方面的各种可能的实现方式,在一种可能的实现方式中,该至少一个第一算法包括加密算法和完整性保护算法;该加密信息是对该第一通信信息通过该加密算法进行加密处理后得到的;该第二MAC是对该加密信息和该第二通信信息通过该完整性保护算法进行完整性保护得到的;该方法还包括:根据该完整性保护算法、该加密信息和该第二通信信息,得到第四MAC;若该第四MAC与所述第二MAC相同,通过该加密算法对所述加密信息进行解密。基于上述方法,第二节点还可以根据该完整性保护算法、该加密信息和该第二通信信息得到第四MAC,并通过第四MAC验证加密信息和第二通信信息的完整性,从而提高第一节点和第二节点之间通信的安全性。
结合第二方面以及第二方面的各种可能的实现方式,在一种可能的实现方式中, 该至少一个第一算法包括认证加密算法;该加密信息是对该第一通信信息通过该认证加密算法进行加密处理后得到的;该第二MAC是对该加密信息和该第二通信信息通过该认证加密算法进行完整性保护得到的;该方法还包括:根据该认证加密算法、该加密信息和该第二通信信息,得到第四MAC;若该第四MAC与该第二MAC相同,通过该认证加密算法对该加密信息解密。基于上述方法,第二节点还可以根据该认证加密算法、该加密信息和该第二通信信息得到第四MAC,并通过第四MAC验证加密信息和第二通信信息的完整性,从而提高第一节点和第二节点之间通信的安全性。
结合第二方面以及第二方面的各种可能的实现方式,在一种可能的实现方式中,该至少一个第一算法为该一个或多个算法中,该第一节点支持的优先级最高的算法;该至少一个第一KDF为该一个或多个KDF中,该第一节点支持的优先级最高的KDF。基于上述方法,因为算法的优先级是根据算法的安全性得到的,使用的算法的优先级越高,通信的安全性越高,所以第二节点采用一个或多个算法中,该第一节点支持的优先级最高的算法,以及一个或多个KDF中,该第一节点支持的优先级最高的KDF和第一节点通信可以提高第一节点和第二节点之间通信的安全性。
结合第二方面以及第二方面的各种可能的实现方式,在一种可能的实现方式中,该至少一个第一算法对应一个或多个算法类型;该至少一个第一算法对应的算法类型为该一个或多个算法的算法类型中,该第一节点支持的优先级最高的算法类型。基于上述方法,第一节点可以确定第一节点和第二节点都支持的算法类型中优先级最高的算法类型,以便第一节点确定对应优先级最高的算法类型的所述至少一第一算法。
结合第二方面以及第二方面的各种可能的实现方式,在一种可能的实现方式中,该至少一个第一算法对应一个算法类型,该算法类型可以对应多个优先级不同的算法,第一算法为该算法类型对应的算法中,第一节点支持的优先级最高的算法。基于上述方法,至少一个第一算法对应一个算法类型时,第一节点可以将第一算法对应的算法类型中,第一节点支持的优先级最高的算法确定为第一算法。或者,该算法类型仅对应一个算法,则确定所述第一算法包括所述一个算法。如此,第一节点可以使用优先级较高的算法和第二节点通信。一般来说,算法的优先级与算法的安全性相关,因此,第一节点和第二节点使用优先级较高的算法通信,可以提高第一节点和第二节点之间通信的安全性。
结合第二方面以及第二方面的各种可能的实现方式,在一种可能的实现方式中,至少一个第一算法对应多个算法类型,该多个算法类型的优先级相同。每个算法类型可以对应多个优先级不同的算法,该至少一个第一算法包括上述多个算法类型的每个算法类型对应的算法中,第一节点支持的优先级最高的算法,或者某个算法类型仅对应一个算法,则该至少一个第一算法包括所述算法类型对应的所述一个算法。基于上述方法,至少一个第一算法对应多个算法类型时,第一节点可以将每个算法类型中,第一节点支持的优先级最高的算法确定为第一算法。如此,第一节点可以使用优先级较高的算法和第二节点通信。一般来说,算法的优先级与算法的安全性相关,因此,第一节点和第二节点使用优先级较高的算法通信,可以提高第一节点和第二节点之间通信的安全性。
结合第二方面以及第二方面的各种可能的实现方式,在一种可能的实现方式中, 第一算法协商请求信息还包括第二新鲜性参数,该第二新鲜性参数是与该第一算法协商请求信息的时效性相关的参数,该方法还包括:向该第一节点发送第二验证信息;其中,该第二验证信息是根据该第一信息、预置的共享密钥、该第二新鲜性参数和该第一KDF得到的。基于上述方法,第二节点可以通过第二验证信息对第一信息进行完整性保护。
结合第二方面以及第二方面的各种可能的实现方式,在一种可能的实现方式中,该方法还包括:向该第一节点发送第二算法协商请求信息,该第二算法协商请求信息用于指示一个或多个算法和一个或多个KDF;接收来自该第一节点的第三信息,该第三信息用于指示不支持或者不适用该第二算法协商请求信息指示的该一个或多个算法和该一个或多个KDF。基于上述方法,第二节点可以向第一节点发送用于指示一个或多个算法和一个或多个KDF的第二算法协商请求信息,并接收来自第一节点的用于指示不支持或者不适用该第二算法协商请求信息指示的该一个或多个算法和该一个或多个KDF的第三信息,如此,第一节点和第二节点可以通过多次通信来协商算法以及KDF,以提高第一节点和第二节点协商算法以及KDF的成功率。
结合第二方面以及第二方面的各种可能的实现方式,在一种可能的实现方式中,该第二算法协商请求信息指示的一个或多个算法不同于该第一算法协商请求信息指示的一个或多个算法;该第二算法协商请求信息指示的一个或多个KDF不同于该第一算法协商请求信息指示的一个或多个KDF。基于上述方法,第二节点可以多次向第一节点指示的一个或多个算法和一个或多个KDF,以便第一节点根据接收到的一个或多个算法和一个或多个KDF确定用于和第二节点通信的算法和KDF,提高第一节点和第二节点协商算法以及KDF的成功率。
第三方面,本申请实施例提供一种通信装置,可以实现上述第一方面、或第一方面任一种可能的实现方式中的方法。该装置包括用于执行上述方法的相应的单元或部件。该装置包括的单元可以通过软件和/或硬件方式实现。该装置例如可以为第一节点、或者为可支持第一节点实现上述方法的芯片、芯片系统、或处理器等。
第四方面,本申请实施例提供一种通信装置,可以实现上述第二方面、或第二方面任一种可能的实现方式中的方法。该装置包括用于执行上述方法的相应的单元或部件。该装置包括的单元可以通过软件和/或硬件方式实现。该装置例如可以为第二节点、或者为可支持第二节点实现上述方法的芯片、芯片系统、或处理器等。
第五方面,本申请实施例提供一种通信装置,包括:处理器,所述处理器与存储器耦合,所述存储器用于存储程序或指令,当所述程序或指令被所述处理器执行时,使得该装置实现上述第一方面、或第一方面任一种可能的实现方式中所述的方法。
第六方面,本申请实施例提供一种通信装置,包括:处理器,所述处理器与存储器耦合,所述存储器用于存储程序或指令,当所述程序或指令被所述处理器执行时,使得该装置实现上述第二方面、或第二方面任一种可能的实现方式中所述的方法。
第七方面,本申请实施例提供一种通信装置,该装置用于实现上述第一方面、或第一方面任一种可能的实现方式中所述的方法。
第八方面,本申请实施例提供一种通信装置,该装置用于实现上述第二方面、或第二方面任一种可能的实现方式中所述的方法。
第九方面,本申请实施例提供一种计算机可读介质,其上存储有计算机程序或指令,所述计算机程序或指令被执行时使得计算机执行上述第一方面、或第一方面任一种可能的实现方式中所述的方法。
第十方面,本申请实施例提供一种计算机可读介质,其上存储有计算机程序或指令,所述计算机程序或指令被执行时使得计算机执行上述第二方面、或第二方面任一种可能的实现方式中所述的方法。
第十一方面,本申请实施例提供一种计算机程序产品,其包括计算机程序代码,所述计算机程序代码在计算机上运行时,使得计算机执行上述第一方面、或第一方面任一种可能的实现方式中所述的方法。
第十二方面,本申请实施例提供一种计算机程序产品,其包括计算机程序代码,所述计算机程序代码在计算机上运行时,使得计算机执行上述第二方面、或第二方面任一种可能的实现方式中所述的方法。
第十三方面,本申请实施例提供一种芯片,包括:至少一个处理器,所述处理器与存储器耦合,所述存储器用于存储程序或指令,当所述程序或指令被所述处理器执行时,使得该芯片实现上述第一方面、或第一方面任一种可能的实现方式中所述的方法。
第十四方面,本申请实施例提供一种芯片,包括:至少一个处理器,所述处理器与存储器耦合,所述存储器用于存储程序或指令,当所述程序或指令被所述处理器执行时,使得该芯片实现上述第二方面、或第二方面任一种可能的实现方式中所述的方法。
第十五方面,本申请实施例提供一种通信系统。该系统包括上述第三方面所述的装置和/或上述第四方面所述的装置,或者该系统包括上述第五方面所述的装置和/或上述第六方面所述的装置,或者该系统包括上述第七方面所述的装置和/或上述第八方面所述的装置。
可以理解的,上述提供的任一种通信装置、芯片、计算机可读介质、计算机程序产品或通信系统等均用于执行上文所提供的对应的方法,因此,其所能达到的有益效果可参考对应的方法中的有益效果,此处不再赘述。
附图说明
图1为本申请实施例提供的通信系统架构示意图;
图2为本申请实施例提供的通信装置的硬件结构示意图;
图3为本申请实施例提供的通信方法的流程示意图一;
图4为本申请实施例提供的通信方法的流程示意图二;
图5为本申请实施例提供的通信方法的流程示意图三;
图6为本申请实施例提供的通信方法的流程示意图四;
图7为本申请实施例提供的通信方法的流程示意图五;
图8为本申请实施例提供的通信方法的流程示意图六;
图9为本申请实施例提供的通信装置的结构示意图一;
图10为本申请实施例提供的通信装置的结构示意图二;
图11为本申请实施例提供的通信装置的结构示意图三;
图12为本申请实施例提供的通信系统的组成示意图;
图13为本申请实施例提供的芯片的结构示意图。
具体实施方式
下面结合附图对本申请实施例的实施方式进行详细描述。
本申请实施例提供的方法可用于各种通信系统。例如该通信系统可以为长期演进(long term evolution,LTE)系统、第五代(5th generation,5G)通信系统、新无线(new radio,NR)系统、无线保真(wireless-fidelity,WiFi)系统,第三代合作伙伴计划(3rd generation partnership project,3GPP)相关的通信系统以及未来演进的通信系统等,不予限制。下面仅以图1所示通信系统10为例,对本申请实施例提供的方法进行描述。
如图1所示,为本申请实施例提供的通信系统10的架构示意图。图1中,通信系统10可以包括节点101以及可以与节点101进行通信的节点102。图1仅为示意图,并不构成对本申请提供的技术方案的适用场景的限定。
图1中的节点101或节点102可以是任意一种具有收发功能的设备。包括但不限于:LTE中的演进型基站(NodeB或eNB或e-NodeB,evolutional Node B),NR中的基站(gNodeB或gNB)或收发点(transmission receiving point/transmission reception point,TRP),3GPP后续演进的基站,WiFi系统中的接入节点,无线中继节点,无线回传节点,数据中转设备(如路由器、中继器、桥接器或交换机)等。基站可以是:宏基站,微基站,微微基站,小站,中继站,或,气球站等。节点101或节点102还可以是云无线接入网络(cloud radio access network,CRAN)场景下的无线控制器、集中单元(centralized unit,CU),和/或,分布单元(distributed unit,DU)。节点101或节点102还可以是服务器,可穿戴设备(如智能手表,智能手环,计步器等),机器通信设备、或车载设备等。节点101或节点102还可以是手机(mobile phone)、平板电脑(Pad)、带无线收发功能的电脑、耳机、音响、虚拟现实(virtual reality,VR)终端设备、增强现实(augmented reality,AR)终端设备、机器类型通信(machine type communication,MTC)中的终端、工业控制(industrial control)中的终端、车载终端设备、无人驾驶(self driving)中的终端、辅助驾驶中的终端设备、远程医疗(remote medical)中的终端、智能电网(smart grid)中的终端、运输安全(transportation safety)中的终端、智慧城市(smart city)中的终端、智慧家庭(smart home)中的终端等等。本申请的实施例对应用场景不做限定。终端有时也可以称为终端设备、用户设备(user equipment,UE)、接入终端设备、车载终端、工业控制终端、UE单元、UE站、移动站、移动台、远方站、远程终端设备、移动设备、UE终端设备、无线通信设备、机器终端、UE代理或UE装置等。终端可以是固定的,也可以是移动的。节点101或节点102还可以是汽车座舱(cockpit domain)设备,或者汽车座舱设备中的一个模块(座舱域控制器(cockpit domain controller,CDC)、摄像头、屏幕、麦克风、音响、电子钥匙、无钥匙进入及启动系统控制器等模块)。
图1所示的通信系统10仅用于举例,并非用于限制本申请的技术方案。本领域的技术人员应当明白,在具体实现过程中,通信系统10还可以包括其他设备,同时也可根据具体需要来确定节点的数量,不予限制。
可选的,本申请实施例图1中的各节点,例如节点101或节点102,可以是一个装置内的一个功能模块。可以理解的是,该功能模块既可以是硬件设备中的元件,例如,终端设备或网络设备中的通信芯片或通信部件,也可以是在硬件上运行的软件功能模块,或者是平台(例如,云平台)上实例化的虚拟化功能。
例如,图1中的各节点均可以通过图2中的通信装置200来实现。图2所示为可适用于本申请实施例的通信装置的硬件结构示意图。该通信装置200可以包括至少一个处理器201、存储器203以及至少一个通信接口204。可选的,所述通信装置还包括通信线路202。
所述至少一个处理器201可以包括通用中央处理器(central processing unit,CPU),微处理器,特定应用集成电路(application-specific integrated circuit,ASIC),现场可编程门阵列(field programmable gate array,FPGA)或一个或多个用于控制本申请方案程序执行的集成电路中的一个或多个。
通信线路202可用于在上述组件之间传送信息。例如总线。
通信接口204,使用任何收发器一类的装置,用于与其他设备或通信网络通信,如以太网接口,无线接入网接口(radio access network,RAN),无线局域网接口(wireless local area networks,WLAN)等;或者,通信接口204可以为至少一个处理器201提供输入输出,完成数据、指令或者信息的发送或者接收,但是连接结构不限定于如图2所示。
存储器203可以是只读存储器(read-only memory,ROM)或可存储静态信息和指令的其他类型的静态存储设备,随机存取存储器(random access memory,RAM)或者可存储信息和指令的其他类型的动态存储设备,也可以是电可擦可编程只读存储器(electrically erasable programmable read-only memory,EEPROM)、只读光盘(compact disc read-only memory,CD-ROM)或其他光盘存储、光碟存储(包括压缩光碟、激光碟、光碟、数字通用光碟、蓝光光碟等)、磁盘存储介质或者其他磁存储设备、或者能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其他介质,但不限于此。存储器可以是独立存在,通过通信线路202与处理器相连接。存储器也可以和处理器集成在一起。本申请实施例提供的存储器通常可以具有非易失性。其中,存储器203用于存储执行本申请方案所涉及的计算机执行指令,并由处理器201来控制执行。处理器201用于执行存储器203中存储的计算机执行指令,从而实现本申请实施例提供的方法。
可选的,本申请实施例中的计算机执行指令也可以称之为应用程序代码,本申请实施例对此不作具体限定。
在具体实现中,作为一种实施例,处理器201可以包括一个或多个CPU,例如图2中的CPU0和CPU1。
在具体实现中,作为一种实施例,通信装置200可以包括多个处理器,例如图2中的处理器201和处理器207。这些处理器中的每一个可以是一个单核(single-CPU)处理器,也可以是一个多核(multi-CPU)处理器。这里的处理器可以指一个或多个设备、电路、和/或用于处理数据(例如计算机程序指令)的处理核。
在具体实现中,作为一种实施例,通信装置200还可以包括输出设备205和输入 设备206。输出设备205和处理器201通信,可以以多种方式来显示信息。例如,输出设备205可以是液晶显示器(liquid crystal display,LCD),发光二级管(light emitting diode,LED)显示设备,阴极射线管(cathode ray tube,CRT)显示设备,或投影仪(projector)等。输入设备206和处理器201通信,可以以多种方式接收用户的输入。例如,输入设备206可以是鼠标、键盘、触摸屏设备或传感设备等。
在具体实现中,通信装置200可以是台式机、便携式电脑、网络服务器、掌上电脑(personal digital assistant,PDA)、移动手机、平板电脑、无线终端设备、嵌入式设备或有图2中类似结构的设备。本申请实施例不限定通信装置200的类型。
下面结合图1和图2对本申请实施例提供的通信方法进行具体阐述。其中,下述实施例中的节点可以具备图2所示部件。
需要说明的是,本申请实施例中的算法可以是信令面的算法,或者用户面的算法,或者信令面的算法和用户面的算法。信令面用于传输控制类的信令,例如,接入请求信息或身份认证信息等,用户面用于传输数据。信令面的算法用于第一节点和第二节点之间的信令面的通信,信令面的算法可以包括加密算法,和/或,完整性保护算法,和/或,认证加密算法。用户面的算法用于第一节点和第二节点之间的用户面的通信,用户面的算法可以包括加密算法,和/或,完整性保护算法,和/或,认证加密算法。
本申请实施例中用户面的算法与信令面的算法可以相同也可以不同。其中,信令面的算法和用户面的算法相同可以表现为:信令面的算法的个数与用户面相同,信令面的算法所属的类型与用户面相同,并且信令面的算法的标识与用户面相同。例如,信令面的算法包括2种算法,分别为加密算法1和完整性保护算法1,用户面的算法也包括2种算法,分别为加密算法1和完整性保护算法1。信令面的算法和用户面的算法不同可以表现为:信令面的算法所属的类型与用户面不同(例如,信令面的算法包括加密算法和完整性保护算法,用户面的算法包括认证加密算法),和/或,信令面的算法的个数与用户面不同(例如,信令面的算法包括2种算法,用户面的算法包括1种算法);或者,当信令面的算法所属的类型与用户面相同,且信令面的算法的个数与用户面相同时,信令面的算法的标识与用户面不同等(例如,信令面的算法包括2种算法,分别为加密算法1和完整性保护算法1,用户面的算法包括2种算法,分别为加密算法2和完整性保护算法2)。
需要说明的是,本申请下述实施例中各个节点之间的消息名字或消息中各参数的名字等只是一个示例,具体实现中也可以是其他的名字,本申请实施例对此不作具体限定。
可以理解的,本申请实施例中,第一节点或第二节点可以执行本申请实施例中的部分或全部步骤,这些步骤仅是示例,本申请实施例还可以执行其它步骤或者各种步骤的变形。此外,各个步骤可以按照本申请实施例呈现的不同的顺序来执行,并且有可能并非要执行本申请实施例中的全部步骤。
如图3所示,为本申请实施例提供的一种通信方法,该通信方法包括步骤301-步骤303。
步骤301:第二节点向第一节点发送第一算法协商请求信息。
其中,第二节点可以是图1中的任一节点,例如,第二节点可以是图1所示的节点101 或者节点102。当第二节点为图1所示的节点101时,第一节点可以为图1所示的节点102。当第二节点为图1所示的节点102时,第一节点可以为图1所示的节点101。
其中,第一算法协商请求信息可以用于指示一个或多个算法和一个或多个密钥派生函数(key derivation function,KDF)。该一个或多个算法可以是第二节点支持的一个或多个算法。该一个或多个KDF可以是该第二节点支持的一个或多个KDF。KDF可以用于生成该一个或多个算法中部分或全部算法对应的密钥。
这里需要说明的是,所述第二节点支持的一个或多个算法,和/或,所述第二节点支持的一个或多个KDF可以统一称为第二节点的安全能力。
其中,一个或多个算法可以是同一类型的算法,也可以是不同类型的算法,例如,一个或多个算法包括加密算法,和/或,完整性保护算法,和/或,认证加密算法。进一步,所述一个或多个算法包括至少一个加密算法,和/或,至少一个完整性保护算法,和/或,至少一个认证加密算法。加密算法可以通过加密算法的密钥对第一节点和第二节点之间的全部或部分通信信息加密或解密。完整性保护算法可以通过完整性保护算法对应的密钥对第一节点和第二节点之间的全部或部分通信信息进行完整性保护,或者,通过完整性保护算法对应的密钥验证第一节点和第二节点之间的全部或部分通信信息的完整性。认证加密算法可以通过认证加密算法的密钥对第一节点和第二节点之间的全部或部分通信信息加密或解密,以及,认证加密算法可以通过认证加密算法的密钥对第一节点和第二节点之间的全部或部分通信信息进行完整性保护,或者,通过认证加密算法的密钥验证第一节点和第二节点之间的全部或部分通信信息的完整性。
可以理解的,本申请实施例不限制第一算法协商请求信息指示的加密算法、完整性保护算法或认证加密算法的个数,例如,第一算法协商请求信息可以指示8个算法,该8个算法中,有2个是加密算法,3个是完整性保护算法,3个是认证加密算法。
可选的,第一算法协商请求信息指示的一个或多个算法和一个或多个KDF按照优先级排列。例如,第一算法协商请求信息指示的一个或多个算法和一个或多个KDF按照优先级从高到低排列,或者,第一算法协商请求信息指示的一个或多个算法和一个或多个KDF按照优先级从低到高排列。
示例性的,以第一算法协商请求信息指示的一个或多个算法和一个或多个KDF按照优先级从高到低排列为例,若第一算法协商请求信息用于指示加密算法1、加密算法2、完整性保护算法1、完整性保护算法2、KDF1和KDF2,则加密算法的优先级大于或等于完整性保护算法的优先级,对于加密算法,加密算法1的优先级大于或等于加密算法2的优先级,对于完整性保护算法,完整性保护算法1的优先级大于或等于完整性保护算法2的优先级,对于KDF,KDF1的优先级大于或等于KDF2的优先级。
示例性的,以第一算法协商请求信息指示的一个或多个算法和一个或多个KDF按照优先级从低到高排列为例,若第一算法协商请求信息用于指示加密算法1、加密算法2、完整性保护算法1、完整性保护算法2、KDF1和KDF2,加密算法的优先级小于或等于完整性保护算法的优先级,对于加密算法,加密算法1的优先级小于或等于加密算法2的优先级,对于完整性保护算法,完整性保护算法1的优先级小于或等于完整性保护算法2的优先级,对于KDF,KDF1的优先级小于或等于KDF2的优先级。
可以理解的,若一个或多个算法既包括信令面算法,又包括用户面算法,该一个 或多个算法分别按照信令面算法的优先级和用户面算法的优先级排列。
示例性的,以第一算法协商请求信息指示的一个或多个算法和一个或多个KDF按照优先级从高到低排列为例,若第一算法协商请求信息指示的算法和KDF可以如表1所示,表1中,用户面算法包括加密算法1、加密算法2和完整性保护算法1,信令面算法包括加密算法2、完整性保护算法1和完整性保护算法2,KDF包括KDF1、KDF2和KDF3。则对于用户面算法和信令面算法,加密算法的优先级大于或等于完整性保护算法的优先级,对于用户面算法包括的加密算法,加密算法1的优先级大于或等于加密算法2的优先级,对于信令面算法包括的完整性保护算法,完整性保护算法1的优先级大于或等于完整性保护算法2的优先级。
表1
用户面算法 信令面算法 KDF
加密算法1 算法2 KDF 1
加密算法2 完整性保护算法1 KDF 2
完整性保护算法1 完整性保护算法2 KDF 3
示例性的,以第一算法协商请求信息指示的一个或多个算法和一个或多个KDF按照优先级从高到低排列为例,第一算法协商请求信息指示的算法和KDF还可以如表2所示,表2中,对于用户面算法/KDF,认证加密算法的优先级大于加密算法和完整性保护算法的优先级,加密算法和完整性保护算法的优先级相同。其中,认证加密算法1的优先级大于或等于认证加密算法2的优先级,完整性保护算法1的优先级大于或等于完整性保护算法2的优先级,完整性保护算法2的优先级大于或等于加密算法1的优先级,加密算法1的优先级大于或等于加密算法2的优先级,KDF1的优先级大于或等于KDF2的优先级。对于信令面算法/KDF,加密算法和完整性保护算法的优先级相同,加密算法和完整性保护算法的优先级大于认证加密算法的优先级。其中,完整性保护算法1的优先级大于或等于完整性保护算法2的优先级,完整性保护算法2的优先级大于或等于加密算法1的优先级,加密算法1的优先级大于或等于加密算法2的优先级,认证加密算法2的优先级大于或等于认证加密算法1的优先级,KDF3的优先级大于或等于KDF4的优先级。
表2
Figure PCTCN2020093542-appb-000001
第一算法协商请求信息可以通过下述方式中的任一种方式指示一个或多个算法和 一个或多个KDF。
方式1.1,第一算法协商请求信息包括一个或多个算法的标识和一个或多个KDF的标识。
示例性的,以表3所示的算法/KDF的标识为例,当第一算法协商请求信息包括ID1、ID3和ID5时,第一算法协商请求信息用于指示算法1、算法3和KDF2;当第一算法协商请求信息包括ID2和ID4时,第一算法协商请求信息用于指示算法2和KDF1。
表3
算法/KDF 算法/KDF的标识
算法1 ID1
算法2 ID2
算法3 ID3
KDF1 ID4
KDF2 ID5
可以理解的,表1-表3仅是第一算法协商请求信息指示的算法的示例,在具体应用中,第一算法协商请求信息指示的算法还可以是其他形式的,不予限制。
方式1.2,第一算法协商请求信息包括一个比特序列,该比特序列中的一个比特与一个算法或一个KDF对应,该比特序列中的每个比特可以通过0或1指示第一算法协商请求信息是否指示该比特对应的算法或KDF。例如,若该比特为1,可以表示第一算法协商请求信息指示该比特对应的算法或KDF,若该比特为0,可以表示第一算法协商请求信息不指示该比特对应的算法或KDF,反之亦然。
示例性的,以第一算法协商请求信息包括5比特,该5比特中的第1个比特与算法1对应,第2个比特和算法2对应,第3个比特和算法3对应,第4个比特和KDF1对应,第5个比特和KDF2对应为例,若该5比特为01010,可以表示第一算法协商请求信息用于指示算法2和KDF1;若该5比特为11001,可以表示第一算法协商请求信息用于指示算法1、算法2和KDF2。
方式1.3,第一算法协商请求信息包括两个比特序列,该两个比特序列的长度可以相同也可以不同。
对于其中一个比特序列,该比特序列中的一个比特与一个算法对应,该比特序列中的每个比特可以通过0或1指示第一算法协商请求信息是否指示该比特对应的算法。例如,若该比特为1,可以表示第一算法协商请求信息指示该比特对应的算法,若该比特为0,可以表示第一算法协商请求信息不指示该比特对应的算法,反之亦然。
对于其中另一个比特序列,该比特序列中的一个比特与一个KDF对应,该比特序列中的每个比特可以通过0或1指示第一算法协商请求信息是否指示该比特对应的KDF。例如,若该比特为1,可以表示第一算法协商请求信息指示该比特对应的KDF,若该比特为0,可以表示第一算法协商请求信息不指示该比特对应的KDF,反之亦然。
示例性的,以第一算法协商请求信息包括两个比特序列,其中一个比特序列为3比特,该3比特中的第1个比特与算法1对应,第2个比特和算法2对应,第3个比特和算法3对应,其中另一个比特序列为2比特,该2比特中的第1个比特和KDF1 对应,第2个比特和KDF2对应为例,若第一算法协商请求信息包括110和01,可以表示第一算法协商请求信息用于指示算法1、算法2和KDF2;若第一算法协商请求信息包括010和11,可以表示第一算法协商请求信息用于指示算法2、KDF1和KDF2。
可选的,第一算法协商请求信息还包括第二节点的标识和第二新鲜性参数。
其中,第二节点的标识可以用于标识该第二节点。该第二新鲜性参数是与第一算法协商请求信息的时效性相关的参数。例如,该第二新鲜性参数包括第二节点中计数器的值或第一随机数。该计数器的值可以是第二节点确定发送第一算法协商请求信息时,第二节点的计数器的值,该计数器可以用于记录第一节点和第二节点的通信次数。该第一随机数可以是第二节点确定发送第一算法协商请求信息时,第二节点生成的随机数。
可选的,在步骤301之前,第二节点检测第二节点是否有和第一节点协商好的算法和KDF,若第二节点是有和第一节点协商好的算法和KDF,第二节点使用该协商好的算法和KDF和第一节点通信;若第二节点没有和第一节点协商好的算法和KDF,第二节点执行步骤301。
步骤302:第一节点接收来自第二节点的第一算法协商请求信息,并确定一个或多个算法中的至少一个第一算法和一个或多个KDF中的至少一个第一KDF。
这里需要说明的是,所述第一节点支持的一个或多个算法,和/或,所述第一节点支持的一个或多个KDF可以统一称为第一节点的安全能力。
可选的,至少一个第一算法包括加密算法;或者,至少一个第一算法包括完整性保护算法;或者,至少一个第一算法包括加密算法和完整性保护算法;或者,至少一个第一算法包括认证加密算法。
可选的,多个算法对应相应的优先级。多个KDF对应相应的优先级。
一种可能的实现方式,第一算法协商请求信息指示的一个或多个算法和一个或多个KDF按照优先级排列,具体的,可以参考上述步骤301中所述,不予赘述。
另一种可能的实现方式,算法的标识与算法的优先级之间存在对应关系。可选的,所述对应关系是预先定义的,例如在标准或者协议中定义,或者,所述对应关系是预先设置的,可以通过任一其他设备预先配置给相应的节点。示例性的,标识大的算法的优先级大于标识小的算法的优先级;或者,标识小的算法的优先级大于标识大的算法的优先级。例如,算法2的优先级大于算法1的优先级;或者,算法1的优先级大于算法2的优先级。同理,KDF的标识与KDF的优先级有对应关系。示例性的,标识大的KDF的优先级大于标识小的KDF的优先级;或者,标识小的KDF的优先级大于标识大的KDF的优先级。为阐述方便,下文多用列表的方式进行对应关系的解释,但是本领域技术人员可知,本申请包含但不限定通过表格的方式体现所述对应关系。
再一种可能的实现方式,多个算法的优先级通过算法的优先级列表来展示。多个KDF的优先级通过KDF的优先级列表来展示。
可选的,算法的优先级列表包括加密算法的优先级列表,和/或,完整性保护算法的优先级列表,和/或,认证加密算法的优先级列表。
可以理解的,若本申请实施例中的算法是信令面的算法和用户面的算法,则算法的优先级列表包括用户面算法的优先级列表,和/或,信令面算法的优先级列表。用户 面算法的优先级列表可以用于确定用户面的第一算法,信令面算法的优先级列表可以用于确定信令面的第一算法。其中,用户面算法的优先级列表和信令面算法的优先级列表可以相同也可以不同。
可以理解的,上述算法的优先级列表中包括一个或多个算法,并且算法的优先级列表包括的一个或多个算法按照算法的优先级排列。示例性的,以加密算法的优先级列表为例,该加密算法的优先级列表包括算法1、算法2和算法3,其中,算法1的优先级≥算法2的优先级≥算法3的优先级,或者,算法1的优先级≤算法2的优先级≤算法3的优先级。上述KDF的优先级列表中包括一个或多个KDF,并且该一个或多个KDF按照KDF的优先级排列。示例性的,该KDF的优先级列表包括KDF1、KDF2和KDF3,其中,KDF1的优先级≥KDF2的优先级≥KDF3的优先级,或者,KDF1的优先级≤KDF2的优先级≤KDF3的优先级。
可选的,上述算法的优先级列表中的算法按照算法的优先级从高到低,或者从低到高排列。KDF的优先级列表中的KDF按照KDF的优先级从高到低,或者从低到高排列。
示例性的,以算法的优先级列表包括加密算法的优先级列表、完整性保护算法的优先级列表和认证加密算法的优先级列表,认证加密算法的优先级>完整性保护算法的优先级≥加密算法的优先级,加密算法的优先级列表包括算法1和算法2,算法1的优先级大于算法2的优先级,完整性保护算法的优先级列表包括算法3和算法4,算法3的优先级大于算法4的优先级,认证加密算法算法的优先级列表包括算法5和算法6,算法5的优先级大于算法6的优先级,上述每个优先级列表中的算法按照算法的优先级从高到低排列为例,算法的优先级列表可以如表4所示。表4仅是算法的优先级列表的示例,算法的优先级列表还可以是其他形式,不予限制。
表4
Figure PCTCN2020093542-appb-000002
可以理解的,对于上述示例,当完整性保护算法的优先级与加密算法的优先级相同时,算法的优先级列表可以如表5所示。表5中,认证加密算法的优先级为优先级1,加密算法和完整性保护算法的优先级为优先级2,优先级1的优先级大于优先级2。
表5
Figure PCTCN2020093542-appb-000003
Figure PCTCN2020093542-appb-000004
可选的,至少一个第一算法为一个或多个算法中,第一节点支持的优先级最高的算法。该至少一个第一算法对应一个或多个算法类型。例如,若该至少一个第一算法包括一个算法,至少一个第一算法对应一个算法类型;若该至少一个第一算法包括多个算法,至少一个第一算法包括的多个算法中,每个算法对应一个算法类型。
进一步的,至少一个第一算法对应的算法类型为一个或多个算法的算法类型中,第一节点支持的优先级最高的算法类型。
在一种可能的实施方式中,至少一个第一算法对应一个算法类型,该算法类型可以对应多个优先级不同的算法,则第一算法为该算法类型对应的算法中,第一节点支持的优先级最高的算法。或者,该算法类型仅对应一个算法,则所述第一算法包括所述算法类型对应的一个算法。
示例性的,以至少一个第一算法包括一个算法,第一算法协商请求信息指示算法3、算法4、算法1和算法2,算法3的优先级>算法4的优先级>算法1的优先级>算法2的优先级为例,若第一节点支持的算法包括算法4和算法1,则该至少一个第一算法为算法4,若第一节点支持的算法包括算法3和算法1,则该至少一个第一算法为算法3。
示例性的,以至少一个第一算法包括一个算法,算法的优先级列表如表5所示,第一算法协商请求信息指示算法5、算法6、算法3和算法2为例,若第一节点支持的算法包括算法6、算法3和算法1,则该至少一个第一算法为算法6;若第一节点支持的算法包括算法5、算法4和算法2,则该至少一个第一算法为算法5。
在另一种可能的实施方式中,至少一个第一算法对应多个算法类型,该多个算法类型的优先级相同。每个算法类型可以对应一个或多个优先级不同的算法,至少一个第一算法包括上述多个算法类型中每个算法类型对应的算法中,第一节点支持的优先级最高的算法,或者某个算法类型仅对应一个算法,则该至少一个第一算法包括所述算法类型对应的所述一个算法。
示例性的,以该至少一个第一算法包括2个算法,算法的优先级列表如表6所示,第一算法协商请求信息指示算法5、算法6、算法3和算法2为例,表6中,对于算法类型,加密算法和完整性保护算法的优先级相同,加密算法和完整性保护算法的优先级大于认证加密算法的优先级,对于加密算法,算法5的优先级大于或等于算法6的优先级,对于完整性保护算法,算法3的优先级大于或等于算法4的优先级,对于认证加密算法,算法1的优先级大于或等于算法2的优先级,若第一节点支持的算法包括算法5、算法6、算法3、算法4和算法1,则至少一个第一算法包括算法5和算法3。
表6
Figure PCTCN2020093542-appb-000005
Figure PCTCN2020093542-appb-000006
需要说明的是,当第一算法协商请求信息指示的算法的算法类型中,优先级最高的算法类型为多个,第一节点也可以将该多个算法类型中的部分算法类型确定为至少一个第一算法对应的算法类型。示例性的,第一算法协商请求信息指示的算法的算法类型中,优先级最高的算法类型为加密算法和完整性保护算法,第一节点将完整性保护算法确定为至少一个第一算法对应的算法类型。这种场景下,可以不采用加密算法进行加密。这里需要进一步说明的是,为方便阐述方案,采用了“确定算法类型”的表述,但是实际方案中,可以不单独确定算法类型,直接确定对应所述算法类型的至少一个第一算法。
需要说明的是,加密算法可以包括空加密算法。空加密算法用于生成全0的密钥流,或者说,空加密算法可以表示不对信息加密。当至少一个第一算法包括空加密算法时,表示不对第一节点和第二节点之间的通信信息加密。
可以理解的,表4-表6仅是算法的优先级列表的示例,在具体应用中,算法的优先级列表还可以是其他形式的,不予限制。
可选的,算法的优先级与算法的安全性有关。例如,安全性越高的算法的优先级越高,安全性越低的算法的优先级越低。KDF的优先级与KDF的安全性有关。例如,安全性越高的KDF的优先级越高,安全性越低的KDF的优先级越低。
可选的,至少一个第一KDF为一个或多个KDF中,第一节点支持的优先级最高的KDF。例如,若该至少一个第一KDF包括一个KDF,至少一个第一KDF为一个或多个KDF中,第一节点支持的优先级最高的一个KDF;若该至少一个第一KDF包括m个KDF,m为大于1的正整数,至少一个第一KDF为一个或多个KDF中,第一节点支持的优先级最高的前m个KDF。
示例性的,以至少一个第一KDF包括一个KDF,第一算法协商请求信息指示KDF1、KDF2和KDF3,KDF1的优先级>KDF2的优先级>KDF3的优先级为例,若第一节点支持的KDF包括KDF2和KDF3,则至少一个第一KDF为KDF2;若第一节点支持的KDF包括KDF1和KDF2,则至少一个第一KDF为KDF1。
步骤303:第一节点向第二节点发送第一信息。
其中,第一信息用于指示至少一个第一算法以及至少一个第一KDF,以实现第一节点采用至少一个第一算法以及至少一个第一KDF和第二节点通信。
可选的,第一信息是通过至少一个第一算法进行完整性保护;或者,第一信息是通过至少一个第一算法加密并通过至少一个第一算法进行完整性保护;或者,第一信息是通过至少一个第一算法加密的。
首先,介绍第一信息是通过至少一个第一算法进行完整性保护的情况:
第一信息包括第二信息和第一MAC。第二信息用于指示至少一个第一算法以及至少一个第一KDF。示例性的,第二信息包括至少一个第一算法以及至少一个第一KDF的信息。例如,第二信息包括至少一个第一算法的标识以及至少一个第一KDF的标识。第一MAC是对第二信息进行完整性保护得到的。
进一步的,至少一个第一算法包括完整性保护算法,或者,至少一个第一算法包括完整性保护算法和加密算法,第一MAC是对第二信息,通过完整性保护算法进行完整性保护得到的;或者,至少一个第一算法包括认证加密算法,第一MAC是对第二信息,通过认证加密算法进行完整性保护得到。具体的,可以参考下述图6或图7所示方法中所述。
其中,第一信息可以通过下述方式中的任一种方式指示至少一个第一算法以及至少一个第一KDF。
方式2.1,第二信息包括第一算法的标识和第一KDF的标识。
示例性的,以表3所示的算法/KDF的标识为例,当第二信息包括ID1和ID5时,第一信息用于指示算法1和KDF2;当第二信息包括ID2和ID4时,第一信息用于指示算法2和KDF1。
示例性的,以算法/KDF的标识如表7所示,第二信息包括16个比特,其中,第1-4个比特用于指示加密算法的标识,第5-8个比特用于指示完整性保护算法的标识,第9-12个比特用于指示认证加密算法的标识,第13-16个比特用于指示KDF的标识为例,表7中,加密算法包括算法1、算法2和算法3,算法1的标识为0000,算法1为空加密算法,用于生成全0的密钥流,算法2的标识为0001,算法3的标识为0010,完整性保护算法包括算法4和算法5,算法4的标识为0001,算法5的标识为0010,认证加密算法包括算法6,算法6的标识为0011,KDF包括KDF1和KDF2,KDF1的标识为0001,KDF2的标识为0010,若第二信息包括0001000100000001,则第一信息用于指示算法2、算法4和KDF1,若第二信息包括0000000000110010,则第一信息用于指示算法6和KDF2。
表7
Figure PCTCN2020093542-appb-000007
可以理解的,表7仅是算法/KDF的标识的示例,在具体应用中,算法/KDF的标识还可以是其他形式,不予限制。
方式2.2,第二信息包括一个比特序列,该比特序列中的一个比特与一个算法或一个KDF对应,例如,该比特序列中的一个比特与第一算法协商请求信息指示的一个或多个算法对应,或者该比特序列中的一个比特与第一算法协商请求信息指示的KDF对应。该比特序列中的每个比特可以通过0或1指示第一算法是否包括该比特对应的算法,或者第一KDF是否包括该比特对应的KDF。例如,若该比特为1,可以表示第一算法包括该比特对应的算法,或者第一KDF包括该比特对应的KDF,若该比特为0, 可以表示第一算法不包括该比特对应的算法,或者第一KDF不包括该比特对应的KDF,反之亦然。
示例性的,以第二信息包括5比特,该5比特中的第1个比特与算法1对应,第2个比特和算法2对应,第3个比特和算法3对应,第4个比特和密钥KDF1对应,第5个比特和密钥KDF2对应为例,若该5比特为01010,可以表示第一算法包括算法2,第一KDF包括KDF1;若该5比特为11001,可以表示第一算法包括算法1和算法2,第一KDF包括KDF2。
方式2.3,第二信息包括两个比特序列,该两个比特序列的长度可以相同也可以不同。
对于其中一个比特序列,该比特序列中的一个比特与一个算法对应,例如,该比特序列中的一个比特与第一算法协商请求信息指示的一个或多个算法对应。该比特序列中的每个比特可以通过0或1指示第一算法是否包括该比特对应的算法。例如,若该比特为1,可以表示第一算法包括该比特对应的算法,若该比特为0,可以表示第一算法不包括该比特对应的算法,反之亦然。
对于其中另一个比特序列,该比特序列中的一个比特与一个KDF对应,例如该比特序列中的一个比特与第一算法协商请求信息指示的KDF对应。该比特序列中的每个比特可以通过0或1指示第一KDF是否包括该比特对应的KDF。例如,若该比特为1,可以表示第一KDF包括该比特对应的KDF,若该比特为0,可以表示第一KDF不包括该比特对应的KDF,反之亦然。
示例性的,以第二信息包括两个比特序列,其中一个比特序列为3比特,该3比特中的第1个比特与算法1对应,第2个比特和算法2对应,第3个比特和算法3对应,其中另一个比特序列为2比特,该2比特中的第1个比特和密钥KDF1对应,第2个比特和密钥KDF2对应为例,若第二信息包括110和01,可以表示第一算法包括算法1和算法2,第一KDF包括KDF2;若第二信息包括010和10,可以表示第一算法包括算法2,第一KDF包括KDF1。
可选的,第二信息还包括与第一算法和第一KDF的指示无关的信息。例如,第二信息还包括第一验证信息;或者,第二信息还包括第一新鲜性参数和第一验证信息;或者,第二信息还包括用于指示步骤301中的一个或多个算法以及一个或多个KDF的指示信息。
其中,该第一新鲜性参数是与第一信息的时效性相关的参数。例如,该第一新鲜性参数包括第一节点中计数器的值或第二随机数。该计数器的值可以是第一节点确定发送第一信息时,第一节点的计数器的值,该计数器可以用于记录第一节点和第二节点的通信次数。该第二随机数可以是第一节点确定发送第一信息时生成的随机数。
其中,第一验证信息用于第二节点验证第一节点接收到的第一算法协商请求信息是否被修改。
示例性的,以第二信息还包括第一验证信息为例,第一验证信息是根据第一节点接收到的第一算法协商请求信息、预置的共享密钥和第二KDF得到。例如,AUTH 1=第二KDF(K,第一算法协商请求信息)。其中,AUTH 1为第一验证信息。K为预置的共享密钥,预置的共享密钥为预先设置的。具体的,预置的共享密钥可以通过任一 其他设备预先配置给相应的节点。第二KDF可以和第一KDF相同或不同。若第二KDF与第一KDF不同,第二KDF可以是预置在第一节点和第二节点中的KDF。
示例性的,以第二信息还包括第一新鲜性参数和第一验证信息为例,第一验证信息是根据第一节点接收到的第一算法协商请求信息、预置的共享密钥、第一新鲜性参数和第二KDF得到。例如,AUTH 1=第二KDF(K,第一新鲜性参数,第一算法协商请求信息),AUTH 1、K和第二KDF的介绍可以参考上述示例,不予赘述。
可以理解的,若第二信息还包括用于指示步骤301中的一个或多个算法以及一个或多个KDF的指示信息,后续第二节点接收到该指示信息后,可以根据该指示信息确定第一算法协商请求信息中的算法和KDF是否被修改。
下面介绍第一信息是通过至少一个第一算法加密并通过至少一个第一算法进行完整性保护的情况:
第一信息包括加密信息、第二通信信息和第二MAC。其中,加密信息是对第一通信信息进行加密处理后得到的,第一通信信息不指示至少一个第一算法或至少一个第一KDF中至少一个。第二通信信息用于指示至少一个第一算法和至少一个第一KDF中至少一个。第二MAC是对加密信息和第二通信信息进行完整性保护得到的。
进一步的,至少一个第一算法包括加密算法和完整性保护算法,加密信息是对第一通信信息通过加密算法进行加密处理后得到的,第二MAC是对加密信息和第二通信信息通过完整性保护算法进行完整性保护得到的;或者,至少一个第一算法包括认证加密算法,加密信息是对第一通信信息通过认证加密算法进行加密处理后得到的,第二MAC是对加密信息和第二通信信息通过认证加密算法进行完整性保护得到的。具体的,可以参考下述图4或图5所示方法中所述。
其中,第一信息可以通过下述方式中的任一种方式指示至少一个第一算法以及至少一个第一KDF:第二通信信息包括第一算法的标识和第一KDF的标识;或者,第二通信信息包括一个比特序列,该比特序列中的一个比特与一个算法或一个KDF对应;或者,第二通信信息包括两个比特序列,对于其中一个比特序列,该比特序列中的一个比特与一个算法对应,对于其中另一个比特序列,该比特序列中的一个比特与一个KDF对应。具体的,可以参考上述方式2.1-方式2.3中所述,不予赘述。
可选的,第一通信信息包括与第一算法和第一KDF的指示无关的信息。例如,第一通信信息包括第一验证信息;或者,第一通信信息包括第一新鲜性参数和第一验证信息;或者,第一通信信息包括用于指示步骤301中的一个或多个算法以及一个或多个KDF的指示信息。其中,第一验证信息、第一新鲜性参数和用于指示步骤301中的一个或多个算法以及一个或多个KDF的指示信息的介绍,可以参考上述第二信息包括与第一算法和第一KDF无关的信息时对应的描述,不予赘述。
可以理解的,上述描述中,第一节点是先加密信息再得到第二MAC,第一节点还可以先得到第二MAC,再对第一通信信息进行加密,不予限制。不同的是,当第一节点是先加密信息再得到第二MAC时,第二节点接收到第一信息后,要先验证第一信息的完整性,并在验证第一信息完整后解密加密信息。当第一节点先得到第二MAC,再对第一通信信息进行加密时,第二节点接收到第一信息后,先解密加密信息,再验证第一信息的完整性。
下面介绍第一信息是通过至少一个第一算法加密的情况:
第一信息包括加密信息和第二通信信息。其中,加密信息是对第一通信信息进行加密处理后得到的。第一通信信息和第二通信信息的介绍,以及第一信息指示至少一个第一算法以及至少一个第一KDF的介绍,可以参考上述第一信息是通过至少一个第一算法加密并通过至少一个第一算法进行完整性保护的情况中所述,不予赘述。
进一步的,至少一个第一算法包括加密算法。加密信息是对第一通信信息通过加密算法进行加密处理后得到的。示例性的,加密信息是通过加密密钥对第一通信信息进行加密得到。加密密钥的介绍可以参考下述图5所示方法中所述,不予赘述。
可以理解的,对于至少一个第一算法包括加密算法的情况,第一节点和第二节点通信时,发送方可以通过加密密钥对要发送的信息加密,得到加密信息,并将加密信息发送给接收方。接收方接收到加密信息后,可以通过加密密钥对于加密信息解密,得到发送方法要发送的信息。如此,可以提高第一节点与第二节点之间通信的安全性。
对应的,第二节点可以接收来自第一节点的第一信息。后续,第二节点采用至少一个第一算法以及至少一个第一KDF和第一节点通信。
可选的,若第一信息是通过至少一个第一算法进行完整性保护,第二节点要验证第一信息的完整性。若第一信息是通过至少一个第一算法进行完整性保护,第二节点接收到第一信息,根据至少一个第一KDF得到认证加密密钥,根据至少一个第一算法和第二信息得到第三MAC,并通过第三MAC验证第一信息的完整性,具体的,可以参考下述图6或图7所示方法中所述。若第一信息是通过至少一个第一算法加密并通过至少一个第一算法进行完整性保护,第二节点接收到第一信息,根据至少一个第一算法、加密信息和第二通信信息,得到第四MAC,并通过第四MAC验证第一信息的完整性,具体的,可以参考下述图4或图5所示方法中所述。
可选的,第二节点接收到该第一信息后,向第一节点发送确认信息。该确认信息用于指示第二节点接收到该第一信息。
可选的,第二节点接收到该第一信息后,向第一节点发送第二验证信息。第二验证信息用于第一节点验证第二节点接收到的第一信息是否被修改。
示例性的,第二验证信息是根据第二节点接收到的第一信息、预置的共享密钥和第二KDF得到,例如,AUTH 2=第二KDF(K,第一信息)。在这种情况下,第一节点接收到第二验证信息后,根据第一信息、预置的共享密钥和第二KDF得到第三验证信息,例如,AUTH 3=第二KDF(K,第一信息)。若第三验证信息和第二验证信息相同,则表示第二节点接收到的第一信息未被修改,若第三验证信息和第二验证信息不相同,则表示第二节点接收到的第一信息被修改。其中,AUTH 2为第二验证信息,AUTH 3为第三验证信息,K为预置的共享密钥,第二KDF可以和第一KDF相同或不同。若第二KDF与第一KDF不同,第二KDF可以是预置在第一节点和第二节点中的KDF。
示例性的,第二验证信息是根据第二节点接收到的第一信息、预置的共享密钥、第二新鲜性参数和第二KDF得到,例如,AUTH 2=第二KDF(K,第二新鲜性参数,第一信息)。在这种情况下,第一节点接收到第二验证信息后,根据第一信息、预置的共享密钥、第二新鲜性参数和第二KDF得到第三验证信息,例如,AUTH 3=第二 KDF(K,第二新鲜性参数,第一信息)。若第三验证信息和第二验证信息相同,则表示第二节点接收到的第一信息未被修改,若第三验证信息和第二验证信息不相同,则表示第二节点接收到的第一信息被修改。其中,AUTH 2、AUTH 3、K和第二KDF的介绍可以参考上述示例,不予赘述。
可选的,该确认信息或第二验证信息是通过至少一个第一算法进行完整性保护。该确认信息或第二验证信息通过至少一个第一算法进行完整性保护的过程,可以参考下述图4、图5、图6或图7所示方法中,第一信息通过至少一个第一算法进行完整性保护的描述,不予赘述。
基于图3所示的方法,第二节点可以向第一节点发送用于指示一个或多个算法和一个或多个KDF的第一算法协商请求信息。第一节点接收到该第一算法协商请求信息后,可以根据该第一算法协商请求信息确定至少一个第一算法和至少一个第一KDF,并向第二节点发送用于指示至少一个第一算法和至少一个第一KDF的第一信息。如此,第一节点和第二节点可以采用至少一个第一算法和至少一个第一KDF通信,从而可以使得第一节点和第二节点使用相同的算法对第一节点和第二节点之间通信的信息进行加密或解密。
可以理解的,针对第一信息包括的内容,和/或,至少一个第一算法可能包括的不同类型和数目的算法,存在几种不同的实施方式,具体的,可以参考下述图3所示方法的第一种实施方式、第二种实施方式、第三种实施方式和第四种实施方式。
可选的,在图3所示方法的第一种可能的实施方式中,第一信息包括加密信息、第二通信信息和第二MAC。当至少一个第一算法包括认证加密算法,加密信息是对第一通信信息通过认证加密算法进行加密处理后得到的,第二MAC是对加密信息和第二通信信息通过认证加密算法进行完整性保护得到的。第二节点接收到第一信息后,可以根据认证加密算法、加密信息和第二通信信息得到第四MAC,并通过第四MAC验证第一信息的完整性。具体的,如图4所示,图3所示的方法还包括步骤401-步骤404。
步骤401:第一节点根据至少一个第一KDF得到认证加密密钥。
其中,认证加密密钥可以用于加密第一通信信息,或者认证加密密钥可以用于解密加密信息,以及,认证加密密钥可以用于对第二通信信息和加密信息进行完整性保护,或者认证加密密钥可以用于验证第二通信信息和加密信息的完整性。
其中,第一节点可以通过下述任一种方式得到认证加密密钥。
方式3.1,第一节点以共享密钥作为第一KDF的输入,得到认证加密密钥,即K c=第一KDF(K),其中,K c为认证加密密钥,K为共享密钥。
方式3.2,第一节点以共享密钥和第二新鲜性参数作为第一KDF的输入,得到认证加密密钥,即K c=第一KDF(K,C),其中,K c为认证加密密钥,K为共享密钥,C为第二新鲜性参数。
方式3.3,第一节点以共享密钥、第二新鲜性参数和第一字符串作为第一KDF的输入,得到认证加密密钥,即K c=第一KDF(K,C,第一字符串),其中,K c为认证加密密钥,K为共享密钥,C为第二新鲜性参数。第一字符串可以用于标识认证加密算法,例如,若至少一个第一算法为用户面的认证加密算法时,第一字符串可以为“user  auth enc”可以标识用户面的认证加密算法。
方式3.4,第一节点以共享密钥、第二新鲜性参数、第一字符串和第一标识作为第一KDF的输入,得到认证加密密钥,即K c=第一KDF(K,C,第一字符串,第一标识),其中,K c为认证加密密钥,K为共享密钥,C为第二新鲜性参数,第一字符串的介绍可以参考上述方式3.3中所述,不予赘述。第一标识可以用于标识生成该认证加密密钥所使用的KDF,例如,该第一标识可以是第一KDF的标识。
可以理解的,第一标识可以包括数字和/或字符。方式3.4中的第一字符串可以为可选的参数。
方式3.5,第一节点根据共享密钥和第二新鲜性参数得到第一中间密钥;第一节点根据第一中间密钥,以及第一标识和第一字符串中的至少一项得到认证加密密钥。示例性的,第一节点以共享密钥和第二新鲜性参数作为KDF1的输入得到第一中间密钥,即K mid1=KDF1(K,C);第一节点以第一中间密钥、第一标识和第一字符串作为KDF2的输入得到认证加密密钥,即K c=KDF2(K mid1,第一标识,第一字符串),其中,K mid1为第一中间密钥,K为共享密钥,C为第二新鲜性参数,K c为认证加密密钥,第一字符串的介绍可以参考上述方式3.3中所述,第一标识的介绍可以参考上述方式3.4中所述,不予赘述。
其中,KDF1和KDF2可以包括在至少一个第一KDF中。KDF1和KDF2可以相同或者不同。例如,若至少一个第一KDF包括一个KDF,KDF1和KDF2相同;若至少一个第一KDF包括两个或者两个以上的KDF,KDF1和KDF2不相同。
可以理解的,这里是为了更清楚的阐述方案以两个步骤的方式解释如何得到认证加密密钥,在实际的处理中,也可以是通过一个步骤完成,第一中间密钥只是一个中间的结果,即确定认证加密密钥的方式满足:K c=KDF2(KDF1(K,C),第一算法,第一字符串)。
可选的,上述方式中的共享密钥预置在第一节点中,或者,上述方式中的共享密钥是在步骤401之前第一节点计算得到的。
进一步的,第二MAC是根据认证加密算法、加密信息、第二通信信息和认证加密密钥得到的。例如,第一节点以加密信息、第二通信信息和认证加密密钥作为认证加密算法的输入,得到该第二MAC。
步骤402:第二节点根据至少一个第一KDF得到认证加密密钥。
第二节点根据至少一个第一KDF得到认证加密密钥的具体过程,可以参考步骤401中第一节点根据至少一个第一KDF得到认证加密密钥的对应介绍,不予赘述。
步骤403:第二节点根据认证加密算法、加密信息和第二通信信息,得到第四MAC。
进一步的,第二节点根据认证加密算法、加密信息、第二通信信息和认证加密密钥,得到第四MAC。例如,第二节点以加密信息、第二通信信息和认证加密密钥作为认证加密算法的输入,得到第四MAC。
可以理解的,第二节点还可以对加密信息和第二通信信息中的部分信息进行完整性保护。例如,第二节点根据加密信息和第二通信信息中的部分信息、认证加密算法,和认证加密密钥,得到第四MAC。
步骤404:若第四MAC与第二MAC相同,第二节点通过认证加密算法对加密信 息解密。
可选的,若第四MAC与第二MAC相同,表示第一通信信息未被修改,第二节点通过认证加密密钥对加密信息进行解密,得到第一通信信息。
可选的,若第四MAC与第二MAC不相同,表示第一通信信息被修改,第二节点丢弃第一信息。第二节点可以再次执行步骤301,或者,第二节点可以指示第一节点重新确定至少一个第一算法和第一KDF。
可以理解的,若第一通信信息包括用于指示一个或多个算法以及一个或多个KDF的指示信息时,第二节点得到第一通信信息后,还可以验证第一通信信息包括的一个或多个算法以及一个或多个KDF与第一算法协商请求信息包括的一个或多个算法以及一个或多个KDF是否相同。若相同,则表示第一算法协商请求信息未被修改,第一节点和第二节点的通信环境安全。若不相同,则表示第一算法协商请求信息被修改,第一节点和第二节点的通信环境不安全。
可以理解的,若第一通信信息包括第一验证信息时,第二节点得到第一通信信息后,通过第一验证信息验证第一算法协商请求信息是否被修改。若第一算法协商请求信息未被修改,则第一节点和第二节点的通信环境安全,若第一算法协商请求信息被修改,则第一节点和第二节点的通信环境不安全。
基于图4所示的方法,若至少一个第一算法包括认证加密算法,第一节点和第二节点可以根据至少一个第一KDF得到认证加密密钥。后续,第一节点可以通过认证加密密钥对第一通信信息进行加密,得到加密信息,根据认证加密算法、加密信息、第二通信信息和认证加密密钥得到第二MAC,通过第二MAC对第一信息进行完整性保护。第二节点可以根据认证加密算法、加密信息、第二通信信息和认证加密密钥得到第四MAC,通过第四MAC验证第一信息的完整性。如此,第一节点和第二节点通信时,可以通过认证加密算法对第一通信信息加密,还可以通过认证加密算法对第一信息进行完整性保护,所以可以提高第一节点与第二节点通信的安全性。
可选的,在图3所示方法的第二种可能的实施方式中,第一信息包括加密信息、第二通信信息和第二MAC。当至少一个第一算法包括加密算法和完整性保护算法,加密信息是对第一通信信息通过加密算法进行加密处理后得到的,第二MAC是对加密信息和第二通信信息通过完整性保护算法进行完整性保护得到的。第二节点接收到第一信息后,可以根据完整性保护算法、加密信息和第二通信信息,得到第四MAC,并通过第四MAC验证第一信息的完整性。具体的,如图5所示,图3所示的方法还包括步骤501-步骤504。
步骤501:第一节点根据至少一个第一KDF,得到加密密钥和完整性保护密钥。
其中,加密密钥可以用于加密第一通信信息,或者加密密钥可以用于解密加密信息。完整性保护密钥可以用于对第二通信信息和加密信息进行完整性保护,或者完整性保护密钥可以用于验证第二通信信息和加密信息的完整性。
其中,第一节点可以通过下述任一种方式得到加密密钥和完整性保护密钥。
方式4.1,第一节点以共享密钥作为第一KDF的输入,得到加密密钥和完整性保护密钥,即K enc=第一KDF(K),K int=第一KDF(K),其中,K enc为加密密钥,K为共享密钥,K int为完整性保护密钥。
方式4.2,第一节点以共享密钥和第二新鲜性参数作为第一KDF的输入,得到加密密钥和完整性保护密钥,即K enc=第一KDF(K,C),K int=第一KDF(K,C),其中,K enc为加密密钥,K为共享密钥,C为第二新鲜性参数,K int为完整性保护密钥。
方式4.3,第一节点以共享密钥、第二新鲜性参数和第二字符串作为第一KDF的输入,得到加密密钥,即K enc=第一KDF(K,C,第二字符串)。第一节点以共享密钥、第二新鲜性参数和第三字符串作为第一KDF的输入,得到完整性保护密钥,即K int=第一KDF(K,C,第三字符串),其中,K enc为加密密钥,K为共享密钥,C为第二新鲜性参数,K int为完整性保护密钥。第二字符串可以用于标识加密算法,例如,若至少一个第一算法为信令面的加密算法时,第二字符串可以为“signalling enc”。第三字符串可以用于标识完整性保护算法,例如,若至少一个第一算法为信令面的完整性保护算法时,第三字符串可以为“signalling int”。
方式4.4,第一节点以共享密钥、第二新鲜性参数、第二字符串和第二标识作为第一KDF的输入,得到加密密钥,即K enc=第一KDF(K,C,第二字符串,第二标识)。第一节点以共享密钥、第二新鲜性参数、第三字符串和第三标识作为第一KDF的输入,得到完整性保护密钥,即K int=第一KDF(K,C,第三字符串,第三标识),其中,K enc为加密密钥,K为共享密钥,C为第二新鲜性参数,K int为完整性保护密钥,第二字符串和第三字符串的介绍可以参考上述方式3.3中所述,不予赘述。第二标识可以用于标识生成该加密密钥所使用的KDF,例如,该第二标识可以是生成该加密密钥的第一KDF的标识。第三标识可以用于标识生成该完整性保护密钥所使用的KDF,例如,该第三标识可以是生成该完整性保护密钥的第一KDF的标识。
可以理解的,第二标识或第三标识可以包括数字和/或字符。方式4.4中的第二字符串和第三字符串可以为可选的参数。
方式4.5,第一节点根据共享密钥和第二新鲜性参数得到第二中间密钥;第一节点根据第二中间密钥,以及第二标识和第二字符串中的至少一项得到加密密钥。示例性的,第一节点以共享密钥和第二新鲜性参数作为KDF3的输入得到第二中间密钥,即K mid2=KDF1(K,C);第一节点以第二中间密钥、第二标识和第二字符串作为KDF4的输入得到加密密钥,即K enc=KDF2(K mid2,第二标识,第二字符串)。第一节点根据共享密钥和第二新鲜性参数得到第三中间密钥;第一节点根据第三中间密钥,以及第三标识和第三字符串中的至少一项得到完整性保护密钥。示例性的,第一节点以共享密钥和第二新鲜性参数作为KDF5的输入得到第三中间密钥,即K mid3=KDF1(K,C);第一节点以第三中间密钥、第三标识和第三字符串作为KDF6的输入得到完整性保护密钥,即K int=KDF2(K mid3,第三标识,第三字符串)。
其中,K mid2为第二中间密钥,K为共享密钥,C为第二新鲜性参数,K enc为加密密钥,K mid3为第三中间密钥,K int为完整性保护密钥,第二字符串和第三字符串的介绍可以参考上述方式4.3中所述,第二标识和第三标识的介绍可以参考上述方式4.4中所述,不予赘述。
其中,KDF3、KDF4、KDF5和KDF6可以包括在至少一个第一KDF中。KDF3和KDF4可以相同或者不同。KDF5和KDF6可以相同或者不同。
可以理解的,这里是为了更清楚的阐述方案以两个步骤的方式解释如何得到加密 密钥和完整性保护密钥,在实际的处理中,也可以是通过一个步骤完成,第二中间密钥和第三中间密钥只是一个中间的结果,即确定加密密钥的方式满足:K enc=KDF4(KDF3(K,C),第二算法,第二字符串),确定完整性保护密钥的方式满足:K int=KDF6(KDF5(K,C),第三算法,第三字符串)。
可选的,上述方式中的共享密钥预置在第一节点中,或者,上述方式中的共享密钥是在步骤501之前第一节点计算得到的。
可选的,上述方式中,生成加密密钥的第一KDF和生成完整性保护密钥的第一KDF相同或不同。示例性的,至少一个第一KDF包括一个KDF,生成加密密钥的第一KDF和生成完整性保护密钥的第一KDF相同;至少一个第一KDF包括多个KDF,生成加密密钥的第一KDF和生成完整性保护密钥的第一KDF不同。
进一步的,第二MAC是根据完整性保护算法、加密信息、第二通信信息和完整性保护密钥得到的。例如,第一节点以加密信息、第二通信信息和完整性保护密钥作为完整性保护算法的输入,得到该第二MAC。
步骤502:第二节点根据至少一个第一KDF得到加密密钥和完整性保护密钥。
第二节点根据至少一个第一KDF得到加密密钥和完整性保护密钥的具体过程,可以参考步骤501中第一节点根据至少一个第一KDF得到加密密钥和完整性保护密钥的对应介绍,不予赘述。
步骤503:第二节点根据完整性保护算法、加密信息和第二通信信息,得到第四MAC。
进一步的,第二节点根据完整性保护算法、加密信息、第二通信信息和完整性保护密钥,得到第四MAC。例如,第二节点以加密信息、第二通信信息和完整性保护密钥作为完整性保护算法的输入,得到第四MAC。
可以理解的,第二节点还可以对加密信息和第二通信信息中的部分信息进行完整性保护。例如,第二节点根据加密信息和第二通信信息中的部分信息、完整性保护算法,和完整性保护密钥,得到第四MAC。
步骤504:若第四MAC与第二MAC相同,第二节点通过加密算法对加密信息进行解密。
可选的,若第四MAC与第二MAC相同,表示第一通信信息未被修改,第二节点通过加密密钥对加密信息进行解密,得到第一通信信息。
可选的,若第四MAC与第二MAC不相同,表示第一通信信息被修改,第二节点丢弃第一信息。第二节点可以再次执行步骤301,或者,第二节点可以指示第一节点重新确定至少一个第一算法和第一KDF。
可以理解的,若第一通信信息包括用于指示一个或多个算法以及一个或多个KDF的指示信息时,第二节点得到第一通信信息后,还可以验证第一通信信息包括的一个或多个算法以及一个或多个KDF与第一算法协商请求信息包括的一个或多个算法以及一个或多个KDF是否相同。若相同,则表示第一算法协商请求信息未被修改,第一节点和第二节点的通信环境安全。若不相同,则表示第一算法协商请求信息被修改,第一节点和第二节点的通信环境不安全。
可以理解的,若第一通信信息包括第一验证信息时,第二节点得到第一通信信息 后,通过第一验证信息验证第一算法协商请求信息是否被修改。若第一算法协商请求信息未被修改,则第一节点和第二节点的通信环境安全,若第一算法协商请求信息被修改,则第一节点和第二节点的通信环境不安全。
基于图5所示的方法,当至少一个第一算法包括加密算法和完整性保护算法,第一节点和第二节点可以根据至少一个第一KDF得到加密密钥和完整性保护密钥。后续,第一节点可以通过加密密钥对第一通信信息进行加密,得到加密信息,根据完整性保护算法、加密信息、第二通信信息和完整性保护密钥得到第二MAC,通过第二MAC对第一信息进行完整性保护。第二节点可以根据完整性保护算法、加密信息、第二通信信息和完整性保护密钥得到第四MAC,通过第四MAC验证第一信息的完整性。如此,第一节点和第二节点通信时,可以通过加密算法对第一通信信息加密,还可以通过完整性保护算法对第一信息进行完整性保护,所以可以提高第一节点与第二节点通信的安全性。
可选的,在图3所示方法的第三种可能的实施方式中,第一信息包括第二信息和第一MAC。当至少一个第一算法包括加密算法和完整性保护算法,第一MAC是对第二信息,通过完整性保护算法进行完整性保护得到的。第二节点接收到第一信息后,可以根据完整性保护算法、第二信息和完整性保护密钥得到第三MAC,并通过第三MAC验证第一信息的完整性。具体的,如图6所示,图3所示的方法还包括步骤601-步骤603。
步骤601:第一节点根据至少一个第一KDF,得到完整性保护密钥。
步骤601的具体过程可以参考上述步骤501中对应的描述,不予赘述。
进一步的,第一MAC是根据完整性保护算法、第二信息和完整性保护密钥得到的。例如,第一节点以第二信息和完整性保护密钥作为完整性保护算法的输入,得到第一MAC。
可选的,第一节点根据至少一个第一KDF得到加密密钥,以便后续第一节点和第二节点通过加密密钥对第一节点和第二节点之间的通信信息进行加密或解密,提高第一节点和第二节点之间通信的安全性。第一节点根据至少一个第一KDF得到加密密钥的过程,可以参考上述步骤501中对应的描述,不予赘述。
步骤602:第二节点根据至少一个第一KDF,得到完整性保护密钥。
步骤602的具体过程可以参考上述步骤502中对应的描述,不予赘述。
可选的,第二节点根据至少一个KDF得到加密密钥。第二节点根据至少一个第一KDF得到加密密钥的过程,可以参考上述步骤502中对应的描述,不予赘述。
步骤603:第二节点根据完整性保护算法和第二信息,得到第三MAC。
其中,第三MAC可以用于验证第二信息的完整性。
进一步的,第二节点根据完整性保护算法、第二信息和完整性保护密钥,得到第三MAC。例如,第二节点以第二信息和完整性保护密钥作为完整性保护算法的输入,得到第三MAC。
可以理解的,第二节点还可以对第二信息中的部分信息进行完整性保护。例如,第二节点根据第二信息中的部分信息、完整性保护算法,和完整性保护密钥,得到第三MAC。
需要说明的是,若第三MAC与第一MAC相同,则表示第二信息未被修改,第二节点和第一节点可以采用至少一个第一算法和至少一个第一KDF进行通信。若第三MAC与第一MAC不相同,则表示第一信息被修改,第二节点可以再次执行步骤301,或者,第二节点可以指示第一节点重新确定至少一个第一算法和第一KDF。
可以理解的,若第一通信信息包括用于指示一个或多个算法以及一个或多个KDF的指示信息时,第二节点得到第一通信信息后,还可以验证第一通信信息包括的一个或多个算法以及一个或多个KDF与第一算法协商请求信息包括的一个或多个算法以及一个或多个KDF是否相同。若相同,则表示第一算法协商请求信息未被修改,第一节点和第二节点的通信环境安全。若不相同,则表示第一算法协商请求信息被修改,第一节点和第二节点的通信环境不安全。
可以理解的,若第一通信信息包括第一验证信息,第二节点得到第一通信信息后,通过第一验证信息验证第一算法协商请求信息是否被修改。若第一算法协商请求信息未被修改,则第一节点和第二节点的通信环境安全,若第一算法协商请求信息被修改,则第一节点和第二节点的通信环境不安全。
基于图6所示的方法,当至少一个第一算法包括加密算法和完整性保护算法,第一节点和第二节点可以根据至少一个第一KDF得到加密密钥和完整性保护密钥。后续,第一节点可以根据完整性保护算法、第二信息和完整性保护密钥得到第一MAC,并通过第一MAC对第一信息进行完整性保护。第二节点可以根据完整性保护算法、第二信息和完整性保护密钥得到第三MAC,并通过第三MAC验证第一信息的完整性。如此,第一节点和第二节点通信时,可以通过完整性保护算法对第一信息进行完整性保护,所以可以提高第一节点与第二节点通信的安全性。
可选的,在图3所示方法的第四种可能的实施方式中,第一信息包括第二信息和第一MAC。当至少一个第一算法包括认证加密算法,第一MAC是对第二信息,通过认证加密算法进行完整性保护得到的。第二节点接收到第一信息后,可以根据认证加密算法、第二信息和认证加密密钥得到第三MAC,并通过第三MAC验证第一信息的完整性。具体的,如图7所示,图3所示的方法还包括步骤701-步骤703。
步骤701:第一节点根据至少一个第一KDF,得到认证加密密钥。
步骤701的具体过程可以参考上述步骤401中对应的描述,不予赘述。
进一步的,第一MAC是根据认证加密算法、第二信息和认证加密密钥得到的。例如,第一节点以第二信息和认证加密密钥作为认证加密算法的输入,得到第一MAC。
步骤702:第二节点根据至少一个第一KDF,得到认证加密密钥。
步骤702的具体过程可以参考上述步骤402中对应的描述,不予赘述。
步骤703:第二节点根据认证加密算法和第二信息,得到第三MAC。
其中,第三MAC可以用于验证第二信息的完整性。
进一步的,第二节点根据认证加密算法、第二信息和认证加密密钥,得到第三MAC。例如,第二节点以第二信息和认证加密密钥作为认证加密算法的输入,得到第三MAC。
可以理解的,第二节点还可以对第二信息中的部分信息进行完整性保护。例如,第二节点根据第二信息中的部分信息、认证加密算法,和认证加密密钥,得到第三MAC。
需要说明的是,若第三MAC与第一MAC相同,则表示第二信息未被修改,第二 节点和第一节点可以采用至少一个第一算法和至少一个第一KDF进行通信。若第三MAC与第一MAC不相同,则表示第一信息被修改,第二节点可以再次执行步骤301,或者,第二节点可以指示第一节点重新确定至少一个第一算法和第一KDF。
可以理解的,若第一通信信息包括用于指示一个或多个算法以及一个或多个KDF的指示信息时的情况,以及第一通信信息包括第一验证信息时的情况,可以参考上述图6所述方法中所述,不予赘述。
基于图7所示的方法,当至少一个第一算法包括认证加密算法,第一节点和第二节点可以根据至少一个第一KDF得到认证加密密钥。后续,第一节点可以根据认证加密算法、第二信息和认证加密密钥得到第一MAC,并通过第一MAC对第一信息进行完整性保护。第二节点可以根据认证加密算法、第二信息和认证加密密钥得到第三MAC,并通过第三MAC验证第一信息的完整性。如此,第一节点和第二节点通信时,可以通过认证加密算法对第一信息进行完整性保护,所以可以提高第一节点与第二节点通信的安全性。
可以理解的,在图3所示方法、图4所示方法、图5所示方法或图6所示方法的步骤301之前,第二节点可以多次向第一节点发送一个或多个算法和一个或多个KDF的指示信息,以便第一节点从多次发送的指示信息中确定至少一个第一算法和至少一个第一KDF。下面以图3所示方法为例,介绍上述过程。
可选的,如图8所示,在图3所示方法的第五种可能的实施方式中,图3所示的方法还包括步骤801-步骤802。
步骤801:第二节点向第一节点发送第二算法协商请求信息。
其中,第二算法协商请求信息可以用于指示一个或多个算法和一个或多个KDF。
可选的,第二算法协商请求信息指示的一个或多个算法不同于第一算法协商请求信息指示的一个或多个算法。例如,第二算法协商请求信息指示的一个或多个算法,和第一算法协商请求信息指示的一个或多个算法完全不相同;或者,第二算法协商请求信息指示的一个或多个算法,和第一算法协商请求信息指示的一个或多个算法不完全相同。第二算法协商请求信息指示的一个或多个KDF不同于第一算法协商请求信息指示的一个或多个KDF。例如,第二算法协商请求信息指示的一个或多个KDF,和第一算法协商请求信息指示的一个或多个KDF完全不相同;或者,第二算法协商请求信息指示的一个或多个KDF,和第一算法协商请求信息指示的一个或多个KDF不完全相同。
可选的,第二算法协商请求信息还包括第二节点的标识和第三新鲜性参数。其中,第二节点的标识可以用于标识该第二节点。该第三新鲜性参数是与第二算法协商请求信息的时效性相关的参数。例如,该第三新鲜性参数包括第二节点中计数器的值或第三随机数。该计数器的值可以是第二节点确定发送第二算法协商请求信息时,第二节点的计数器的值,该计数器可以用于记录第一节点和第二节点的通信次数。该第三随机数可以是第二节点确定发送第二算法协商请求信息时,第二节点生成的随机数。
步骤801的具体过程可以参考上述步骤301中第二节点向第一节点发送第一算法协商请求信息中对应的描述,不予赘述。
步骤802:第一节点接收来自第二节点的第二算法协商请求信息,并向第二节点 发送第三信息。
其中,第三信息可以用于指示不支持或不适用第二算法协商请求信息指示的一个或多个算法和一个或多个KDF。
可以理解的,当第一节点指示不支持或不适用第二节点指示的一个或多个算法和一个或多个KDF时,第二节点可以再次执行步骤801,直至第一节点根据第二节点指示的一个或多个算法和一个或多个KDF确定出至少一个第一算法和至少一个第一KDF。
可以理解的,步骤801和步骤802除了在图3所示的方法的步骤301之前执行之外,也可以在图4、图5、图6或图7所示方法的步骤301之前执行,不予限制。
基于图8所示的方法,第二节点在第一节点确定至少一个第一算法和至少一个第一KDF之前,可以多次向第一节点发送一个或多个算法和一个或多个KDF的指示信息。如此,第二节点可以通过多次向第一节点发送一个或多个算法和一个或多个KDF的指示信息,和第一节点协商第一节点和第二节点之间采用的算法以及KDF。
上述主要从第一节点和第二节点之间交互的角度对本申请实施例提供的方案进行了介绍。可以理解的是,上述第一节点或者第二节点等为了实现上述功能,其包含了执行各个功能相应的硬件结构和/或软件模块。本领域技术人员应该很容易意识到,结合本文中所公开的实施例描述的各示例的单元及算法操作,本申请能够以硬件或硬件和计算机软件的结合形式来实现。某个功能究竟以硬件还是计算机软件驱动硬件的方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。
本申请实施例可以根据上述方法示例对第一节点或第二节点进行功能模块的划分,例如,可以对应各个功能划分各个功能模块,也可以将两个或两个以上的功能集成在一个处理模块中。上述集成的模块既可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。需要说明的是,本申请实施例中对模块的划分是示意性的,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。
比如,以采用集成的方式划分各个功能模块的情况下,图9示出了一种通信装置的结构示意图。该通信装置可以为第一节点或者第一节点中的芯片或者片上系统,该通信装置可以用于执行上述实施例中涉及的第一节点的功能。
作为一种可能的实现方式,图9所示的通信装置包括:接收模块901、处理模块902和发送模块903。
接收模块901,用于接收来自第二节点的第一算法协商请求信息,该第一算法协商请求信息用于指示一个或多个算法和一个或多个KDF。
处理模块902,用于确定该一个或多个算法中的至少一个第一算法和该一个或多个KDF中的至少一个第一KDF。
发送模块903,用于向该第二节点发送第一信息,该第一信息用于指示该至少一个第一算法以及该至少一个第一KDF。
可选的,该一个或多个算法包括加密算法,和/或,完整性保护算法,和/或,认证加密算法。
可选的,该第一信息是通过该至少一个第一算法进行完整性保护。
可选的,该第一信息包括第二信息和第一消息认证码MAC,其中:该第二信息用于指示该至少一个第一算法以及该至少一个第一KDF,该第一MAC是对该第二信息进行完整性保护得到的。
可选的,该至少一个第一算法包括完整性保护算法,该第一MAC是对该第二信息,通过该完整性保护算法进行完整性保护得到的;或者,该至少一个第一算法包括该认证加密算法,该第一MAC是对该第二信息,通过该认证加密算法进行完整性保护得到的。
可选的,该第二信息还包括第一新鲜性参数和第一验证信息,该第一新鲜性参数是与该第一信息的时效性相关的参数,该第一验证信息是根据该第一算法协商请求信息、预置的共享密钥、该第一新鲜性参数和该第一KDF得到的。
可选的,该第一信息包括加密信息、第二通信信息和第二消息认证码MAC,其中:该加密信息是对第一通信信息进行加密处理后得到的,该第一通信信息不指示该至少一个第一算法或该至少一个第一KDF中至少一个,该第二通信信息用于指示该至少一个第一算法或该至少一个第一KDF中至少一个;该第二MAC是对该加密信息和该第二通信信息进行完整性保护得到的。
可选的,该至少一个第一算法包括加密算法和完整性保护算法;该加密信息是对该第一通信信息通过该加密算法进行加密处理后得到的;该第二MAC是对该加密信息和该第二通信信息通过该完整性保护算法进行完整性保护得到的。
可选的,该至少一个第一算法包括认证加密算法;该加密信息是对该第一通信信息通过该认证加密算法进行加密处理后得到的;该第二MAC是对该加密信息和该第二通信信息通过该认证加密算法进行完整性保护得到的。
可选的,该至少一个第一算法为该一个或多个算法中,该通信装置支持的优先级最高的算法;该至少一个第一KDF为该一个或多个KDF中、该通信装置支持的优先级最高的KDF。
可选的,第一算法协商请求信息还包括第二新鲜性参数,该第二新鲜性参数是与该第一算法协商请求信息的时效性相关的参数,接收模块901,还用于接收来自该第二节点第二验证信息;其中,该第二验证信息是根据该第一信息、预置的共享密钥、该第二新鲜性参数和该第一KDF得到的;处理模块902,还用于根据该第一信息、该预置的共享密钥、该第二新鲜性参数和该第一KDF验证该第二验证信息。
可选的,接收模块901,还用于接收来自该第二节点的第二算法协商请求信息,该第二算法协商请求信息用于指示一个或多个算法和一个或多个KDF;发送模块903,还用于向该第二节点发送第三信息,该第三信息用于指示不支持或者不适用该第二算法协商请求信息指示的该一个或多个算法和该一个或多个KDF。
可选的,该第二算法协商请求信息指示的一个或多个算法不同于该第一算法协商请求信息指示的一个或多个算法;该第二算法协商请求信息指示的一个或多个KDF不同于该第一算法协商请求信息指示的一个或多个KDF。
其中,上述方法实施例涉及的各操作的所有相关内容均可以援引到对应功能模块的功能描述,在此不再赘述。
在本实施例中,该通信装置以采用集成的方式划分各个功能模块的形式来呈现。这里的“模块”可以指特定ASIC,电路,执行一个或多个软件或固件程序的处理器和存储器,集成逻辑电路,和/或其他可以提供上述功能的器件。在一个简单的实施例中,本领域的技术人员可以想到该通信装置可以采用图2所示的形式。
比如,图2中的处理器201可以通过调用存储器203中存储的计算机执行指令,使得通信装置执行上述方法实施例中的通信方法。
示例性的,图9中的接收模块901、处理模块902和发送模块903的功能/实现过程可以通过图2中的处理器201调用存储器203中存储的计算机执行指令来实现。或者,图9中的处理模块902的功能/实现过程可以通过图2中的处理器201调用存储器203中存储的计算机执行指令来实现,图9中的接收模块901和发送模块903的功能/实现过程可以通过图2中的通信接口204来实现。
由于本实施例提供的通信装置可执行上述的通信方法,因此其所能获得的技术效果可参考上述方法实施例,在此不再赘述。
比如,以采用集成的方式划分各个功能模块的情况下,图10示出了一种通信装置的结构示意图。该通信装置可以为第二节点或者第二节点中的芯片或者片上系统,该通信装置可以用于执行上述实施例中涉及的第二节点的功能。
作为一种可能的实现方式,图10所示的通信装置包括:发送模块1001和接收模块1002。
发送模块1001,用于向第一节点发送第一算法协商请求信息,该第一算法协商请求信息用于指示一个或多个算法和一个或多个KDF。
接收模块1002,用于接收来自该第一节点的第一信息,其中,该第一信息用于指示该一个或多个算法中的至少一个第一算法和该一个或多个KDF中的至少一个第一KDF。
可选的,该一个或多个算法包括加密算法,和/或,完整性保护算法,和/或,认证加密算法。
可选的,该第一信息是通过该至少一个第一算法进行完整性保护。
可选的,该第一信息包括第二信息和第一消息验证码MAC,其中:该第二信息用于指示该至少一个第一算法以及该至少一个第一KDF,该第一MAC是对该第二信息进行完整性保护得到的。
可选的,如图11所示,该通信装置还包括处理模块1003;该至少一个第一算法包括完整性保护算法,该第一MAC是对该第二信息,通过该完整性保护算法进行完整性保护得到的;处理模块1003,用于根据该完整性保护算法和该第二信息,得到第三MAC,该第三MAC用于验证该第二信息的完整性;或者,该至少一个第一算法包括认证加密算法,该第一MAC是对该第二信息,通过该认证加密算法进行完整性保护得到的;处理模块1003,用于根据该认证加密算法和该第二信息,得到第三MAC,该第三MAC用于验证该第二信息的完整性。
可选的,该第二信息还包括第一新鲜性参数和第一验证信息,该第一新鲜性参数是与该第一信息的时效性相关的参数,该第一验证信息是根据该第一算法协商请求信息、预置的共享密钥、该第一新鲜性参数和该第一KDF得到的。
可选的,该第一信息包括加密信息、第二通信信息和第二消息认证码MAC,其中:该加密信息是对第一通信信息进行加密处理后得到的,该第一通信信息不指示该至少一个第一算法或该至少一个第一KDF中至少一个,该第二通信信息用于指示该至少一个第一算法或该至少一个第一KDF中至少一个;该第二MAC是对该加密信息和该第二通信信息进行完整性保护得到的。
可选的,该至少一个第一算法包括加密算法和完整性保护算法,该加密信息是对该第一通信信息通过该加密算法进行加密处理后得到的;该第二MAC是对该加密信息和该第二通信信息通过该完整性保护算法进行完整性保护得到的;处理模块1003,用于根据该完整性保护算法、该加密信息和该第二通信信息,得到第四MAC;处理模块1003,还用于若该第四MAC与该第二MAC相同,通过该加密算法对该加密信息进行解密。
可选的,该至少一个第一算法包括认证加密算法,该加密信息是对该第一通信信息通过该认证加密算法进行加密处理后得到的;该第二MAC是对该加密信息和该第二通信信息通过该认证加密算法进行完整性保护得到的;处理模块1003,用于根据该认证加密算法、该加密信息和该第二通信信息,得到第四MAC;处理模块1003,还用于若该第四MAC与该第二MAC相同,通过该认证加密算法对该加密信息解密。
可选的,该至少一个第一算法为该一个或多个算法中,该第一节点支持的优先级最的算法;该至少一个第一KDF为该一个或多个KDF中、该第一节点支持的优先级最高的KDF。
可选的,第一算法协商请求信息还包括第二新鲜性参数,该第二新鲜性参数是与该第一算法协商请求信息的时效性相关的参数,发送模块1001,还用于向该第一节点发送第二验证信息;其中,该第二验证信息是根据该第一信息、预置的共享密钥、该第二新鲜性参数和该第一KDF得到的。
可选的,发送模块1001,还用于向该第一节点发送第二算法协商请求信息,该第二算法协商请求信息用于指示一个或多个算法和一个或多个KDF;接收模块1002,还用于接收来自该第一节点的第三信息,该第三信息用于指示不支持或者不适用该第二算法协商请求信息指示的该一个或多个算法和该一个或多个KDF。
可选的,该第二算法协商请求信息指示的一个或多个算法不同于该第一算法协商请求信息指示的一个或多个算法;该第二算法协商请求信息指示的一个或多个KDF不同于该第一算法协商请求信息指示的一个或多个KDF。
其中,上述方法实施例涉及的各操作的所有相关内容均可以援引到对应功能模块的功能描述,在此不再赘述。
在本实施例中,该通信装置以采用集成的方式划分各个功能模块的形式来呈现。这里的“模块”可以指特定ASIC,电路,执行一个或多个软件或固件程序的处理器和存储器,集成逻辑电路,和/或其他可以提供上述功能的器件。在一个简单的实施例中,本领域的技术人员可以想到该通信装置可以采用图2所示的形式。
比如,图2中的处理器201可以通过调用存储器203中存储的计算机执行指令,使得通信装置执行上述方法实施例中的通信方法。
示例性的,图11中的发送模块1001、接收模块1002和处理模块1003的功能/实 现过程可以通过图2中的处理器201调用存储器203中存储的计算机执行指令来实现。或者,图11中的处理模块1003的功能/实现过程可以通过图2中的处理器201调用存储器203中存储的计算机执行指令来实现,图11中的发送模块1001和接收模块1002的功能/实现过程可以通过图2中的通信接口204来实现。
由于本实施例提供的通信装置可执行上述的通信方法,因此其所能获得的技术效果可参考上述方法实施例,在此不再赘述。
图12示出了的一种通信系统的组成示意图,如图12所示,该通信系统120中可以包括:节点1201和节点1202。需要说明的是,图12仅为示例性附图,本申请实施例不限定图12所示通信系统120包括的节点以及节点的个数。
其中,节点1201具有上述图9所示通信装置的功能,用于接收来自第二节点的第一算法协商请求信息,确定该一个或多个算法中的至少一个第一算法和该一个或多个KDF中的至少一个第一KDF,并向该第二节点发送第一信息。
节点1202具有上述图10或图11所示通信装置的功能,可以用于向第一节点发送第一算法协商请求信息,并接收来自该第一节点的第一信息。
需要说明的是,上述方法实施例涉及的各步骤的所有相关内容均可以援引到该通信系统120对应节点的功能描述,在此不再赘述。
图13为本申请实施例提供的一种芯片的结构示意图。芯片130包括一个或多个处理器1301以及接口电路1302。可选的,所述芯片130还可以包含总线1303。其中:
处理器1301可能是一种集成电路芯片,具有信号的处理能力。在实现过程中,上述方法的各步骤可以通过处理器1301中的硬件的集成逻辑电路或者软件形式的指令完成。上述的处理器1301可以是通用处理器、数字通信器(DSP)、专用集成电路(ASIC)、现场可编程门阵列(FPGA)或者其它可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。可以实现或者执行本申请实施例中的公开的各方法、步骤。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。
接口电路1302用于数据、指令或者信息的发送或者接收。处理器1301可以利用接口电路1302接收的数据、指令或者其它信息,进行加工,可以将加工完成信息通过接口电路1302发送出去。
可选的,芯片130还包括存储器,存储器可以包括只读存储器和随机存取存储器,并向处理器提供操作指令和数据。存储器的一部分还可以包括非易失性随机存取存储器(NVRAM)。
可选的,存储器存储了可执行软件模块或者数据结构,处理器可以通过调用存储器存储的操作指令(该操作指令可存储在操作系统中),执行相应的操作。
可选的,芯片130可以使用在本申请实施例涉及的通信装置(包括第一节点和第二节点)中。可选的,接口电路1302可用于输出处理器1301的执行结果。关于本申请的一个或多个实施例提供的通信方法可参考前述各个实施例,这里不再赘述。
需要说明的,处理器1301、接口电路1302各自对应的功能既可以通过硬件设计实现,也可以通过软件设计来实现,还可以通过软硬件结合的方式来实现,这里不作限制。
本申请实施例还提供一种智能座舱产品,所述智能座舱产品包括上述第一节点和 /或上述第二节点。
本申请实施例还提供一种智能设备或者运输工具,所述车辆包括第一节点和/或第二节点。具体的,所述智能设备可以为机器人等,所述运输工具可以为智能汽车、无人机或无人运输车等。
通过以上的实施方式的描述,所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,仅以上述各功能模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能模块完成,即将装置的内部结构划分成不同的功能模块,以完成以上描述的全部或者部分功能。
在本申请所提供的几个实施例中,应该理解到,所揭露的装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述模块或单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个装置,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是一个物理单元或多个物理单元,即可以位于一个地方,或者也可以分布到多个不同地方。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个可读取存储介质中。基于这样的理解,本申请实施例的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该软件产品存储在一个存储介质中,包括若干指令用以使得一个设备(可以是单片机,芯片等)或处理器(processor)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、ROM、RAM、磁碟或者光盘等各种可以存储程序代码的介质。
以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何在本申请揭露的技术范围内的变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以所述权利要求的保护范围为准。

Claims (54)

  1. 一种通信方法,其特征在于,所述方法包括:
    接收来自第二节点的第一算法协商请求信息,所述第一算法协商请求信息用于指示一个或多个算法和一个或多个密钥派生函数KDF;
    确定所述一个或多个算法中的至少一个第一算法和所述一个或多个KDF中的至少一个第一KDF;
    向所述第二节点发送第一信息,所述第一信息用于指示所述至少一个第一算法以及所述至少一个第一KDF。
  2. 根据权利要求1所述的方法,其特征在于,所述一个或多个算法包括加密算法,和/或,完整性保护算法,和/或,认证加密算法。
  3. 根据权利要求2所述的方法,其特征在于,所述第一信息是通过所述至少一个第一算法进行完整性保护。
  4. 根据权利要求2或3所述的方法,其特征在于,所述第一信息包括第二信息和第一消息认证码MAC,其中:
    所述第二信息用于指示所述至少一个第一算法以及所述至少一个第一KDF,所述第一MAC是对所述第二信息进行完整性保护得到的。
  5. 根据权利要求4所述的方法,其特征在于,
    所述至少一个第一算法包括完整性保护算法,所述第一MAC是对所述第二信息,通过所述完整性保护算法进行完整性保护得到的;或者,
    所述至少一个第一算法包括认证加密算法,所述第一MAC是对所述第二信息,通过所述认证加密算法进行完整性保护得到的。
  6. 根据权利要求4或5所述的方法,其特征在于,所述第二信息还包括第一新鲜性参数和第一验证信息,所述第一新鲜性参数是与所述第一信息的时效性相关的参数,所述第一验证信息是根据所述第一算法协商请求信息、预置的共享密钥、所述第一新鲜性参数和所述第一KDF得到的。
  7. 根据权利要求2或3所述的方法,其特征在于,所述第一信息包括加密信息、第二通信信息和第二消息认证码MAC,其中:
    所述加密信息是对第一通信信息进行加密处理后得到的,所述第一通信信息不指示所述至少一个第一算法或所述至少一个第一KDF中至少一个,所述第二通信信息用于指示所述至少一个第一算法或所述至少一个第一KDF中至少一个;
    所述第二MAC是对所述加密信息和所述第二通信信息进行完整性保护得到的。
  8. 根据权利要求7所述的方法,其特征在于,所述至少一个第一算法包括加密算法和完整性保护算法;
    所述加密信息是对所述第一通信信息通过所述加密算法进行加密处理后得到的;
    所述第二MAC是对所述加密信息和所述第二通信信息通过所述完整性保护算法进行完整性保护得到的。
  9. 根据权利要求7所述的方法,其特征在于,所述至少一个第一算法包括认证加密算法;
    所述加密信息是对所述第一通信信息通过所述认证加密算法进行加密处理后得到 的;
    所述第二MAC是对所述加密信息和所述第二通信信息通过所述认证加密算法进行完整性保护得到的。
  10. 根据权利要求1-9中任一项所述的方法,其特征在于,所述至少一个第一算法为所述一个或多个算法中,第一节点支持的优先级最高的算法;所述至少一个第一KDF为所述一个或多个KDF中、所述第一节点支持的优先级最高的KDF。
  11. 根据权利要求1-10中任一项所述的方法,其特征在于,所述第一算法协商请求信息包括第二新鲜性参数,所述第二新鲜性参数是与所述第一算法协商请求信息的时效性相关的参数,所述方法还包括:
    接收来自所述第二节点第二验证信息;其中,所述第二验证信息是根据所述第一信息、预置的共享密钥、所述第二新鲜性参数和所述第一KDF得到的;
    根据所述第一信息、所述预置的共享密钥、所述第二新鲜性参数和所述第一KDF验证所述第二验证信息。
  12. 根据权利要求1-11中任一项所述的方法,其特征在于,所述方法还包括:
    接收来自所述第二节点的第二算法协商请求信息,所述第二算法协商请求信息用于指示一个或多个算法和一个或多个KDF;
    向所述第二节点发送第三信息,所述第三信息用于指示不支持或者不适用所述第二算法协商请求信息指示的所述一个或多个算法和所述一个或多个KDF。
  13. 根据权利要求12所述的方法,其特征在于,所述第二算法协商请求信息指示的一个或多个算法不同于所述第一算法协商请求信息指示的一个或多个算法;
    所述第二算法协商请求信息指示的一个或多个KDF不同于所述第一算法协商请求信息指示的一个或多个KDF。
  14. 一种通信方法,其特征在于,所述方法包括:
    向第一节点发送第一算法协商请求信息,所述第一算法协商请求信息用于指示一个或多个算法和一个或多个密钥派生函数KDF;
    接收来自所述第一节点的第一信息,其中,所述第一信息用于指示所述一个或多个算法中的至少一个第一算法和所述一个或多个KDF中的至少一个第一KDF。
  15. 根据权利要求14所述的方法,其特征在于,所述一个或多个算法包括加密算法,和/或,完整性保护算法,和/或,认证加密算法。
  16. 根据权利要求15所述的方法,其特征在于,所述第一信息是通过所述至少一个第一算法进行完整性保护。
  17. 根据权利要求15或16所述的方法,其特征在于,所述第一信息包括第二信息和第一消息验证码MAC,其中:
    所述第二信息用于指示所述至少一个第一算法以及所述至少一个第一KDF,所述第一MAC是对所述第二信息进行完整性保护得到的。
  18. 根据权利要求17所述的方法,其特征在于,
    所述至少一个第一算法包括完整性保护算法,所述第一MAC是对所述第二信息,通过所述完整性保护算法进行完整性保护得到的;所述方法还包括:根据所述完整性保护算法和所述第二信息,得到第三MAC,所述第三MAC用于验证所述第二信息的 完整性;或者,
    所述至少一个第一算法包括认证加密算法,所述第一MAC是对所述第二信息,通过所述认证加密算法进行完整性保护得到的;所述方法还包括:根据所述认证加密算法和所述第二信息,得到第三MAC,所述第三MAC用于验证所述第二信息的完整性。
  19. 根据权利要求17或18所述的方法,其特征在于,所述第二信息还包括第一新鲜性参数和第一验证信息,所述第一新鲜性参数是与所述第一信息的时效性相关的参数,所述第一验证信息是根据所述第一算法协商请求信息、预置的共享密钥、所述第一新鲜性参数和所述第一KDF得到的。
  20. 根据权利要求15或16所述的方法,其特征在于,所述第一信息包括加密信息、第二通信信息和第二消息认证码MAC,其中:
    所述加密信息是对第一通信信息进行加密处理后得到的,所述第一通信信息不指示所述至少一个第一算法或所述至少一个第一KDF中至少一个,所述第二通信信息用于指示所述至少一个第一算法或所述至少一个第一KDF中至少一个;
    所述第二MAC是对所述加密信息和所述第二通信信息进行完整性保护得到的。
  21. 根据权利要求20所述的方法,其特征在于,所述至少一个第一算法包括加密算法和完整性保护算法;
    所述加密信息是对所述第一通信信息通过所述加密算法进行加密处理后得到的;所述第二MAC是对所述加密信息和所述第二通信信息通过所述完整性保护算法进行完整性保护得到的;
    所述方法还包括:
    根据所述完整性保护算法、所述加密信息和所述第二通信信息,得到第四MAC;
    若所述第四MAC与所述第二MAC相同,通过所述加密算法对所述加密信息进行解密。
  22. 根据权利要求20所述的方法,其特征在于,所述至少一个第一算法包括认证加密算法;
    所述加密信息是对所述第一通信信息通过所述认证加密算法进行加密处理后得到的;
    所述第二MAC是对所述加密信息和所述第二通信信息通过所述认证加密算法进行完整性保护得到的;
    所述方法还包括:
    根据所述认证加密算法、所述加密信息和所述第二通信信息,得到第四MAC;
    若所述第四MAC与所述第二MAC相同,通过所述认证加密算法对所述加密信息解密。
  23. 根据权利要求14-22中任一项所述的方法,其特征在于,所述至少一个第一算法为所述一个或多个算法中,所述第一节点支持的优先级最的算法;所述至少一个第一KDF为所述一个或多个KDF中、所述第一节点支持的优先级最高的KDF。
  24. 根据权利要求14-23中任一项所述的方法,其特征在于,所述第一算法协商请求信息还包括第二新鲜性参数,所述第二新鲜性参数是与所述第一算法协商请求信 息的时效性相关的参数,所述方法还包括:
    向所述第一节点发送第二验证信息;其中,所述第二验证信息是根据所述第一信息、预置的共享密钥、所述第二新鲜性参数和所述第一KDF得到的。
  25. 根据权利要求14-24中任一项所述的方法,其特征在于,所述方法还包括:
    向所述第一节点发送第二算法协商请求信息,所述第二算法协商请求信息用于指示一个或多个算法和一个或多个KDF;
    接收来自所述第一节点的第三信息,所述第三信息用于指示不支持或者不适用所述第二算法协商请求信息指示的所述一个或多个算法和所述一个或多个KDF。
  26. 根据权利要求25所述的方法,其特征在于,所述第二算法协商请求信息指示的一个或多个算法不同于所述第一算法协商请求信息指示的一个或多个算法;
    所述第二算法协商请求信息指示的一个或多个KDF不同于所述第一算法协商请求信息指示的一个或多个KDF。
  27. 一种通信装置,其特征在于,所述通信装置包括:接收模块、处理模块和发送模块;
    所述接收模块,用于接收来自第二节点的第一算法协商请求信息,所述第一算法协商请求信息用于指示一个或多个算法和一个或多个密钥派生函数KDF;
    所述处理模块,用于确定所述一个或多个算法中的至少一个第一算法和所述一个或多个KDF中的至少一个第一KDF;
    所述发送模块,用于向所述第二节点发送第一信息,所述第一信息用于指示所述至少一个第一算法以及所述至少一个第一KDF。
  28. 根据权利要求27所述的通信装置,其特征在于,所述一个或多个算法包括加密算法,和/或,完整性保护算法,和/或,认证加密算法。
  29. 根据权利要求28所述的通信装置,其特征在于,所述第一信息是通过所述至少一个第一算法进行完整性保护。
  30. 根据权利要求28或29所述的通信装置,其特征在于,所述第一信息包括第二信息和第一消息认证码MAC,其中:
    所述第二信息用于指示所述至少一个第一算法以及所述至少一个第一KDF,所述第一MAC是对所述第二信息进行完整性保护得到的。
  31. 根据权利要求30所述的通信装置,其特征在于,
    所述至少一个第一算法包括完整性保护算法,所述第一MAC是对所述第二信息,通过所述完整性保护算法进行完整性保护得到的;或者,
    所述至少一个第一算法包括认证加密算法,所述第一MAC是对所述第二信息,通过所述认证加密算法进行完整性保护得到的。
  32. 根据权利要求30或31所述的通信装置,其特征在于,所述第二信息还包括第一新鲜性参数和第一验证信息,所述第一新鲜性参数是与所述第一信息的时效性相关的参数,所述第一验证信息是根据所述第一算法协商请求信息、预置的共享密钥、所述第一新鲜性参数和所述第一KDF得到的。
  33. 根据权利要求28或29所述的通信装置,其特征在于,所述第一信息包括加密信息、第二通信信息和第二消息认证码MAC,其中:
    所述加密信息是对第一通信信息进行加密处理后得到的,所述第一通信信息不指示所述至少一个第一算法或所述至少一个第一KDF中至少一个,所述第二通信信息用于指示所述至少一个第一算法或所述至少一个第一KDF中至少一个;
    所述第二MAC是对所述加密信息和所述第二通信信息进行完整性保护得到的。
  34. 根据权利要求33所述的通信装置,其特征在于,所述至少一个第一算法包括加密算法和完整性保护算法;
    所述加密信息是对所述第一通信信息通过所述加密算法进行加密处理后得到的;
    所述第二MAC是对所述加密信息和所述第二通信信息通过所述完整性保护算法进行完整性保护得到的。
  35. 根据权利要求33所述的通信装置,其特征在于,所述至少一个第一算法包括认证加密算法;
    所述加密信息是对所述第一通信信息通过所述认证加密算法进行加密处理后得到的;
    所述第二MAC是对所述加密信息和所述第二通信信息通过所述认证加密算法进行完整性保护得到的。
  36. 根据权利要求27-35中任一项所述的通信装置,其特征在于,所述至少一个第一算法为所述一个或多个算法中,所述通信装置支持的优先级最高的算法;所述至少一个第一KDF为所述一个或多个KDF中、所述通信装置支持的优先级最高的KDF。
  37. 根据权利要求27-36中任一项所述的通信装置,其特征在于,所述第一算法协商请求信息还包括第二新鲜性参数,所述第二新鲜性参数是与所述第一算法协商请求信息的时效性相关的参数,
    所述接收模块,还用于接收来自所述第二节点第二验证信息;其中,所述第二验证信息是根据所述第一信息、预置的共享密钥、所述第二新鲜性参数和所述第一KDF得到的;
    所述处理模块,还用于根据所述第一信息、所述预置的共享密钥、所述第二新鲜性参数和所述第一KDF验证所述第二验证信息。
  38. 根据权利要求27-37中任一项所述的通信装置,其特征在于,
    所述接收模块,还用于接收来自所述第二节点的第二算法协商请求信息,所述第二算法协商请求信息用于指示一个或多个算法和一个或多个KDF;
    所述发送模块,还用于向所述第二节点发送第三信息,所述第三信息用于指示不支持或者不适用所述第二算法协商请求信息指示的所述一个或多个算法和所述一个或多个KDF。
  39. 根据权利要求38所述的通信装置,其特征在于,所述第二算法协商请求信息指示的一个或多个算法不同于所述第一算法协商请求信息指示的一个或多个算法;
    所述第二算法协商请求信息指示的一个或多个KDF不同于所述第一算法协商请求信息指示的一个或多个KDF。
  40. 一种通信装置,其特征在于,所述通信装置包括:发送模块和接收模块;
    所述发送模块,用于向第一节点发送第一算法协商请求信息,所述第一算法协商请求信息用于指示一个或多个算法和一个或多个密钥派生函数KDF;
    所述接收模块,用于接收来自所述第一节点的第一信息,其中,所述第一信息用于指示所述一个或多个算法中的至少一个第一算法和所述一个或多个KDF中的至少一个第一KDF。
  41. 根据权利要求40所述的通信装置,其特征在于,所述一个或多个算法包括加密算法,和/或,完整性保护算法,和/或,认证加密算法。
  42. 根据权利要求41所述的通信装置,其特征在于,所述第一信息是通过所述至少一个第一算法进行完整性保护。
  43. 根据权利要求41或42所述的通信装置,其特征在于,所述第一信息包括第二信息和第一消息验证码MAC,其中:
    所述第二信息用于指示所述至少一个第一算法以及所述至少一个第一KDF,所述第一MAC是对所述第二信息进行完整性保护得到的。
  44. 根据权利要求43所述的通信装置,其特征在于,所述通信装置还包括处理模块;
    所述至少一个第一算法包括完整性保护算法,所述第一MAC是对所述第二信息,通过所述完整性保护算法进行完整性保护得到的;所述处理模块,用于根据所述完整性保护算法和所述第二信息,得到第三MAC,所述第三MAC用于验证所述第二信息的完整性;或者,
    所述至少一个第一算法包括认证加密算法,所述第一MAC是对所述第二信息,通过所述认证加密算法进行完整性保护得到的;所述处理模块,用于根据所述认证加密算法和所述第二信息,得到第三MAC,所述第三MAC用于验证所述第二信息的完整性。
  45. 根据权利要求43或44所述的通信装置,其特征在于,所述第二信息还包括第一新鲜性参数和第一验证信息,所述第一新鲜性参数是与所述第一信息的时效性相关的参数,所述第一验证信息是根据所述第一算法协商请求信息、预置的共享密钥、所述第一新鲜性参数和所述第一KDF得到的。
  46. 根据权利要求41或42所述的通信装置,其特征在于,所述第一信息包括加密信息、第二通信信息和第二消息认证码MAC,其中:
    所述加密信息是对第一通信信息进行加密处理后得到的,所述第一通信信息不指示所述至少一个第一算法或所述至少一个第一KDF中至少一个,所述第二通信信息用于指示所述至少一个第一算法或所述至少一个第一KDF中至少一个;
    所述第二MAC是对所述加密信息和所述第二通信信息进行完整性保护得到的。
  47. 根据权利要求46所述的通信装置,其特征在于,所述至少一个第一算法包括加密算法和完整性保护算法;所述加密信息是对所述第一通信信息通过所述加密算法进行加密处理后得到的;所述第二MAC是对所述加密信息和所述第二通信信息通过所述完整性保护算法进行完整性保护得到的;
    所述通信装置还包括,处理模块;
    所述处理模块,用于根据所述完整性保护算法、所述加密信息和所述第二通信信息,得到第四MAC;
    所述处理模块,还用于若所述第四MAC与所述第二MAC相同,通过所述加密算 法对所述加密信息进行解密。
  48. 根据权利要求46所述的通信装置,其特征在于,所述至少一个第一算法包括认证加密算法;
    所述加密信息是对所述第一通信信息通过所述认证加密算法进行加密处理后得到的;
    所述第二MAC是对所述加密信息和所述第二通信信息通过所述认证加密算法进行完整性保护得到的;
    所述通信装置还包括处理模块;
    所述处理模块,用于根据所述认证加密算法、所述加密信息和所述第二通信信息,得到第四MAC;
    所述处理模块,还用于若所述第四MAC与所述第二MAC相同,通过所述认证加密算法对所述加密信息解密。
  49. 根据权利要求40-48中任一项所述的通信装置,其特征在于,所述至少一个第一算法为所述一个或多个算法中,所述第一节点支持的优先级最的算法;所述至少一个第一KDF为所述一个或多个KDF中、所述第一节点支持的优先级最高的KDF。
  50. 根据权利要求40-49中任一项所述的通信装置,其特征在于,第一算法协商请求信息还包括第二新鲜性参数,所述第二新鲜性参数是与所述第一算法协商请求信息的时效性相关的参数,
    所述发送模块,还用于向所述第一节点发送第二验证信息;其中,所述第二验证信息是根据所述第一信息、预置的共享密钥、所述第二新鲜性参数和所述第一KDF得到的。
  51. 根据权利要求40-50中任一项所述的通信装置,其特征在于,
    所述发送模块,还用于向所述第一节点发送第二算法协商请求信息,所述第二算法协商请求信息用于指示一个或多个算法和一个或多个KDF;
    所述接收模块,还用于接收来自所述第一节点的第三信息,所述第三信息用于指示不支持或者不适用所述第二算法协商请求信息指示的所述一个或多个算法和所述一个或多个KDF。
  52. 根据权利要求51所述的通信装置,其特征在于,所述第二算法协商请求信息指示的一个或多个算法不同于所述第一算法协商请求信息指示的一个或多个算法;
    所述第二算法协商请求信息指示的一个或多个KDF不同于所述第一算法协商请求信息指示的一个或多个KDF。
  53. 一种通信装置,其特征在于,包括:至少一个处理器,所述至少一个处理器与存储器耦合,所述存储器用于存储程序或指令,当所述程序或指令被所述处理器执行时,使得所述装置执行如权利要求1至13中任一项所述的方法,或者执行如权利要求14至26中任一项所述的方法。
  54. 一种计算机可读介质,其上存储有计算机程序或指令,其特征在于,所述计算机程序或指令被执行时使得计算机执行如权利要求1至13中任一项所述的方法或者如权利要求14至26中任一项所述的方法。
PCT/CN2020/093542 2020-05-29 2020-05-29 通信方法及装置 WO2021237753A1 (zh)

Priority Applications (8)

Application Number Priority Date Filing Date Title
CN202310734715.9A CN116801242A (zh) 2020-05-29 2020-05-29 通信方法及装置
CA3185313A CA3185313A1 (en) 2020-05-29 2020-05-29 Communications method and apparatus
EP20937988.2A EP4145787A4 (en) 2020-05-29 2020-05-29 COMMUNICATION METHOD AND DEVICE
MX2022015024A MX2022015024A (es) 2020-05-29 2020-05-29 Método y aparato de comunicaciones.
JP2022573160A JP7521011B2 (ja) 2020-05-29 2020-05-29 通信方法及び装置
PCT/CN2020/093542 WO2021237753A1 (zh) 2020-05-29 2020-05-29 通信方法及装置
CN202080015320.8A CN113455032B (zh) 2020-05-29 2020-05-29 通信方法、通信装置及计算机可读介质
US17/994,516 US20230091113A1 (en) 2020-05-29 2022-11-28 Communications Method and Apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/093542 WO2021237753A1 (zh) 2020-05-29 2020-05-29 通信方法及装置

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US17/994,516 Continuation US20230091113A1 (en) 2020-05-29 2022-11-28 Communications Method and Apparatus

Publications (1)

Publication Number Publication Date
WO2021237753A1 true WO2021237753A1 (zh) 2021-12-02

Family

ID=77808761

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/093542 WO2021237753A1 (zh) 2020-05-29 2020-05-29 通信方法及装置

Country Status (7)

Country Link
US (1) US20230091113A1 (zh)
EP (1) EP4145787A4 (zh)
JP (1) JP7521011B2 (zh)
CN (2) CN116801242A (zh)
CA (1) CA3185313A1 (zh)
MX (1) MX2022015024A (zh)
WO (1) WO2021237753A1 (zh)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230334279A1 (en) * 2022-04-13 2023-10-19 Ford Global Technologies, Llc Vehicle access card with an integrated display

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101645877A (zh) * 2008-08-07 2010-02-10 华为技术有限公司 密钥衍生函数的协商方法、系统及网络节点
CN106899562A (zh) * 2016-04-21 2017-06-27 中国移动通信有限公司研究院 物联网的安全算法协商方法、网元及物联网终端
CN109560919A (zh) * 2017-09-27 2019-04-02 华为技术有限公司 一种密钥衍生算法的协商方法及装置
CN109561427A (zh) * 2017-05-05 2019-04-02 华为技术有限公司 一种通信方法及相关装置
CN109905348A (zh) * 2017-12-07 2019-06-18 华为技术有限公司 端到端认证及密钥协商方法、装置及系统
US20200059780A1 (en) * 2018-08-16 2020-02-20 Comcast Cable Communications, Llc Secured data derivation for user devices

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101459506B (zh) * 2007-12-14 2011-09-14 华为技术有限公司 密钥协商方法、用于密钥协商的系统、客户端及服务器
CN101854625B (zh) * 2009-04-03 2014-12-03 华为技术有限公司 安全算法选择处理方法与装置、网络实体及通信系统
CN102625300B (zh) * 2011-01-28 2015-07-08 华为技术有限公司 密钥生成方法和设备
US11297502B2 (en) * 2017-09-08 2022-04-05 Futurewei Technologies, Inc. Method and device for negotiating security and integrity algorithms
CN110149630A (zh) * 2018-02-11 2019-08-20 华为技术有限公司 一种安全算法的协商、发送方法及装置

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101645877A (zh) * 2008-08-07 2010-02-10 华为技术有限公司 密钥衍生函数的协商方法、系统及网络节点
CN106899562A (zh) * 2016-04-21 2017-06-27 中国移动通信有限公司研究院 物联网的安全算法协商方法、网元及物联网终端
CN109561427A (zh) * 2017-05-05 2019-04-02 华为技术有限公司 一种通信方法及相关装置
CN109560919A (zh) * 2017-09-27 2019-04-02 华为技术有限公司 一种密钥衍生算法的协商方法及装置
CN109905348A (zh) * 2017-12-07 2019-06-18 华为技术有限公司 端到端认证及密钥协商方法、装置及系统
US20200059780A1 (en) * 2018-08-16 2020-02-20 Comcast Cable Communications, Llc Secured data derivation for user devices

Also Published As

Publication number Publication date
EP4145787A4 (en) 2023-05-31
US20230091113A1 (en) 2023-03-23
JP2023527845A (ja) 2023-06-30
MX2022015024A (es) 2023-03-10
CA3185313A1 (en) 2021-12-02
JP7521011B2 (ja) 2024-07-23
EP4145787A1 (en) 2023-03-08
CN113455032B (zh) 2023-06-27
CN113455032A (zh) 2021-09-28
CN116801242A (zh) 2023-09-22

Similar Documents

Publication Publication Date Title
WO2022133949A1 (zh) 一种安全接入方法及装置
WO2021047276A1 (zh) 一种密钥生成方法及装置
WO2022140903A1 (zh) 一种ota升级方法及装置
WO2020052414A1 (zh) 一种数据保护方法、设备及系统
WO2021147100A1 (zh) 报文传输方法及装置
WO2022110083A1 (zh) 一种通信方法及装置
WO2020221218A1 (zh) 信息获取方法及装置
WO2021031768A1 (zh) 一种安全加密的方法及装置
WO2021022406A1 (zh) 一种身份验证方法及装置
WO2021237753A1 (zh) 通信方法及装置
WO2022021087A1 (zh) 一种蓝牙节点配对方法及相关装置
US20240023175A1 (en) Pairing method and apparatus
WO2022021256A1 (zh) 一种关联控制方法及相关装置
WO2023050373A1 (zh) 一种通信方法、装置及系统
CN115460562A (zh) 安全可信的点对点离线通信系统和方法
CN115885496B (zh) 一种通信方法及相关装置
JP7534445B2 (ja) 鍵ネゴシエーション方法、装置、およびシステム
JP7572537B2 (ja) ノードペアリング方法及び関連する装置
WO2023010285A1 (zh) 信息处理方法、装置以及设备
US20230099065A1 (en) Key obtaining method and related apparatus
WO2023230929A1 (zh) 通信方法及相关装置
WO2023230983A1 (zh) 建立互操作通道的方法、装置、芯片和存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20937988

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2022573160

Country of ref document: JP

Kind code of ref document: A

Ref document number: 3185313

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 202237068963

Country of ref document: IN

ENP Entry into the national phase

Ref document number: 2020937988

Country of ref document: EP

Effective date: 20221130

NENP Non-entry into the national phase

Ref country code: DE